Lucene search
K
SaintMost viewed

4305 matches found

Saint
Saint
•added 2019/12/31 12:0 a.m.•84 views

Alcatel OmniVista remote command execution

Added: 12/31/2019 Background Alcatel OmniVista is a graphical interface to Alcatel OmniPCX, a common VoIP solution. Problem Directory traversal and insecure upload vulnerabilities allow a remote attacker to upload and execute arbitrary PHP code. Resolution Upgrade to OmniVista 8770 version 4.1.12...

8.2AI score
Exploits0
Saint
Saint
•added 2012/05/30 12:0 a.m.•84 views

IBM Rational ClearQuest CQOle ActiveX

Added: 05/30/2012 CVE: CVE-2012-0708 BID: 53170 OSVDB: 81443 Background Rational ClearQuest is an enterprise workflow automation tool. It functions as a bug tracking tool and can act as a CRM or process tracker. Problem The ClearQuest web client installs ActiveX modules on the client system. Thes...

9.3CVSS6.3AI score0.3095EPSS
Exploits10
Saint
Saint
•added 2012/03/06 12:0 a.m.•84 views

Sysax SSH Username Remote Code Execution

Added: 03/06/2012 BID: 52190 OSVDB: 79689 Background Sysax Multi Server is a Secure FTP Server and SSH2 Secure Shell Server combined into a single product. It simultaneously supports remote access and file transfer using FTP, FTPS, SFTP, Telnet, and Secure Shell. It also supports web based file...

7.8AI score
Exploits0
Saint
Saint
•added 2011/09/19 12:0 a.m.•84 views

EMC Autostart ftAgent Overflow

Added: 09/19/2011 CVE: CVE-2011-2735 BID: 49238 OSVDB: 74597 Background EMC AutoStart is a cross-platform high-availability clustering solution. Problem The Agent Service of EMC AutoStart listens on TCP port 8045 and is vulnerable to a heap overflow when parsing malformed messages with opcode 0x1...

7.9CVSS6.6AI score0.02335EPSS
Exploits4
Saint
Saint
•added 2011/04/20 12:0 a.m.•84 views

DATAC RealWin SCADA Server TAG function stack overflow

Added: 04/20/2011 CVE: CVE-2011-1563 BID: 46937 Background RealWin is a Supervisory Control and Data Acquisition SCADA server which is distributed by DATAC. Problem A buffer overflow vulnerability in RealWin Server allows remote attackers to execute arbitrary commands by sending a long, specially...

10CVSS7.7AI score0.74638EPSS
Exploits15
Saint
Saint
•added 2010/06/18 12:0 a.m.•84 views

HP Operations Manager hidden Tomcat account

Added: 06/18/2010 CVE: CVE-2009-3843 BID: 37086 OSVDB: 60317 Background HP Operations Manager is a consolidated event and performance management console that correlates infrastructure, network and end-user experience events across an IT infrastructure. Problem A hidden Apache Tomcat account allow...

10CVSS9.8AI score0.78968EPSS
Exploits12
Saint
Saint
•added 2009/01/08 12:0 a.m.•84 views

Microsoft Works WkImgSrv.dll ActiveX Control WksPictureInterface vulnerability

Added: 01/08/2009 CVE: CVE-2008-1898 BID: 28820 OSVDB: 44458 Background Microsoft Works is a suite of productivity tools for home users. Problem The WkImgSrv.dll ActiveX control included in Microsoft Works allows command execution when a user loads a web page which instantiates the control with a...

9.3CVSS6.3AI score0.52033EPSS
Exploits7
Saint
Saint
•added 2008/09/24 12:0 a.m.•84 views

Microsoft Excel FORMAT record array index memory corruption

Added: 09/24/2008 CVE: CVE-2008-3005 BID: 30639 OSVDB: 47408 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem A memory corruption vulnerability allows command execution when a user opens a spreadsheet...

9.3CVSS6.5AI score0.31934EPSS
Exploits5
Saint
Saint
•added 2008/02/11 12:0 a.m.•84 views

Firebird username buffer overflow

Added: 02/11/2008 CVE: CVE-2008-0467 BID: 27467 OSVDB: 40924 Background Firebird is a freely available relational database which is available for multiple platforms. Problem A buffer overflow vulnerability in Firebird allows remote, unauthenticated attackers to execute arbitrary commands by sendi...

10CVSS7.7AI score0.06438EPSS
Exploits4
Saint
Saint
•added 2007/12/07 12:0 a.m.•84 views

MacroVision InstallShield Update Service isusweb.dll unsafe method

Added: 12/07/2007 CVE: CVE-2007-5660 BID: 26280 OSVDB: 38347 Background MacroVision InstallShield is software for creating installers or software packages. Problem Several unsafe methods in the Update Service ActiveX control allow command execution when a user loads a specially crafted web page...

9.3CVSS6.5AI score0.36619EPSS
Exploits12
Saint
Saint
•added 2025/10/03 12:0 a.m.•83 views

MeteoBridge template.cgi command injection

Added: 10/03/2025 CVE: CVE-2025-4008 Background MeteoBridge is a device which connects personal weather stations to public weather networks. Problem A command injection vulnerability in the MeteoBridge web interface could allow remote, unauthenticated attackers to execute arbitrary commands by...

8.8CVSS8.3AI score0.94991EPSS
Exploits3
Saint
Saint
•added 2017/02/16 12:0 a.m.•83 views

HP Smart Storage Administrator command injection

Added: 02/16/2017 CVE: CVE-2016-8523 BID: 95868 Background HP Smart Storage Administrator HP SSA is a web-based application that helps an administrator configure, manage, diagnose, and monitor HP ProLiant Smart Array Controllers and other storage devices such as host bus adapters HBAs and HP...

9CVSS9.2AI score0.1704EPSS
Exploits8
Saint
Saint
•added 2016/02/03 12:0 a.m.•83 views

IBM WebSphere Management Server Apache Commons

Added: 02/03/2016 CVE: CVE-2015-7450 Background IBM WebSphere Management console 7.x and 8.5.0 - 8.5.5.7 are packaged with a vulnerable version of the Apache Commons package. Problem Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the...

10CVSS10AI score0.97655EPSS
Exploits10
Saint
Saint
•added 2014/09/02 12:0 a.m.•83 views

F5 rsync daemon ConfigSync interface cmi module vulnerability

Added: 09/02/2014 CVE: CVE-2014-2927 BID: 69461 OSVDB: 110595 Background F5 BIG-IP is a suite of security, availability and acceleration products. Problem When configured to support failover, multiple BIG-IP products are vulnerable to an unauthenticated rsync access vulnerability that can be...

9.3CVSS7.3AI score0.0792EPSS
Exploits5
Saint
Saint
•added 2011/12/16 12:0 a.m.•83 views

Smart Software Solutions CoDeSys Webserver URI Copying Stack Buffer Overflow

Added: 12/16/2011 CVE: CVE-2011-5007 BID: 50849 OSVDB: 77387 Background Smart Software Solutions GmbH 3S manufactures CoDeSys Web Server, a Supervisory Control and Data Acquisition/Human-Machine Interface SCADA/HMI product. The SCADA Web Server listens on TCP port 8080. Problem The CmpWebServer.d...

10CVSS7.2AI score0.72582EPSS
Exploits6
Saint
Saint
•added 2010/03/22 12:0 a.m.•83 views

Adobe Reader Libtiff TIFFFetchShortPair Stack Buffer Overflow

Added: 03/22/2010 CVE: CVE-2010-0188 BID: 38195 OSVDB: 62526 Background Adobe Reader is free software for viewing PDF documents. Problem A stack buffer overflow vulnerability allows command execution when a user opens a PDF file with an embedded TIFF image that has one of several fields encoded a...

9.3CVSS8.4AI score0.88246EPSS
Exploits12
Saint
Saint
•added 2007/01/15 12:0 a.m.•83 views

Microsoft Visual Studio 2005 WMI Object Broker vulnerability

Added: 01/15/2007 CVE: CVE-2006-4704 BID: 20843 OSVDB: 30155 Background Microsoft Visual Studio is a product to assist with software development in the Windows operating system. Problem A flaw in the WMI Object Broker ActiveX control allows attackers to bypass security zone restrictions, leading ...

6.8CVSS6.4AI score0.42846EPSS
Exploits6
Saint
Saint
•added 2006/12/08 12:0 a.m.•83 views

BrightStor ARCserve Discovery service 9b command buffer overflow

Added: 12/08/2006 CVE: CVE-2006-6379 BID: 21502 OSVDB: 30775 Background The BrightStor ARCserve Backup server includes a discovery service which listens on ports 41523/TCP and 41524/UDP. Problem A buffer overflow vulnerability in the ASBRDCST.DLL library allows remote attackers to execute arbitra...

7.5CVSS7.9AI score0.2094EPSS
Exploits4
Saint
Saint
•added 2006/02/16 12:0 a.m.•83 views

Windows Media Player plugin EMBED buffer overflow

Added: 02/16/2006 CVE: CVE-2006-0005 BID: 16644 OSVDB: 23132 Background The Windows Media Player plug-in allows the processing of embedded media from inside other applications, such as web browsers. Problem A buffer overflow in the Windows Media Player plug-in allows remote command execution when...

9.3CVSS7.1AI score0.43861EPSS
Exploits8
Saint
Saint
•added 2025/08/27 12:0 a.m.•82 views

Citrix Session Recording deserialization vulnerability

Added: 08/27/2025 CVE: CVE-2024-8069 Background Citrix Session Recording is software for recording and archiving sessions for retrieval and playback. Problem Unsafe object deserialization in Citrix Session Recording could allow a remote attacker to execute arbitrary commands by sending a speciall...

8CVSS7.8AI score0.14736EPSS
Exploits2
Saint
Saint
•added 2016/01/25 12:0 a.m.•82 views

FortiOS Fortimanager_Access SSH account backdoor

Added: 01/25/2016 CVE: CVE-2016-1909 Background FortiOS is the operating system used by FortiGate network security appliances. Problem An undocumented account can be used to gain unauthorized access to the appliance. Resolution Upgrade to FortiOS 4.1.11, 4.2.16, 4.3.17, 5.0.8, 5.2.0, 5.4.0, or...

10CVSS9.6AI score0.71268EPSS
Exploits8
Saint
Saint
•added 2013/01/14 12:0 a.m.•82 views

Java MBeanInstantiator.findClass and Recursive Reflection Sandbox Escape

Added: 01/14/2013 CVE: CVE-2013-0422 BID: 57246 OSVDB: 89059 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

10CVSS10AI score0.97612EPSS
Exploits38
Saint
Saint
•added 2012/03/30 12:0 a.m.•82 views

Java SE AtomicReferenceArray Unsafe Security Bypass

Added: 03/30/2012 CVE: CVE-2012-0507 BID: 52161 OSVDB: 80724 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Java...

10CVSS9.8AI score0.98113EPSS
Exploits13
Saint
Saint
•added 2011/03/21 12:0 a.m.•82 views

EnterpriseDB PostgreSQL Plus Advanced Server DBA Management Server Authentication Bypass

Added: 03/21/2011 BID: 46662 Background Postgres Plus Advanced Server is an enterprise database solution. It includes several productivity tools, such as Migration Studio, Postgres Studio, DBA Management Server, and DBA Monitoring Console. Problem An authentication bypass vulnerability exists in...

0.2AI score
Exploits0
Saint
Saint
•added 2010/06/07 12:0 a.m.•82 views

RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass

Added: 06/07/2010 CVE: CVE-2010-0738 BID: 39710 OSVDB: 64171 Background JBoss Application Server AS is a full-featured open source Java application server that includes full support for J2EE-based APIs. JBoss AS runs on numerous operating systems e.g., Linux, FreeBSD, Mac OS X, and Microsoft...

5.3CVSS6.7AI score0.79415EPSS
Exploits28
Saint
Saint
•added 2010/01/09 12:0 a.m.•82 views

HP OpenView Network Node Manager nnmRptConfig.exe CGI Template Buffer Overflow

Added: 01/09/2010 CVE: CVE-2009-3848 BID: 37296 OSVDB: 60926 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A stack buffer overflow vulnerability allows remote attackers to execute arbitrary commands by requesting the...

10CVSS7.6AI score0.11794EPSS
Exploits5
Saint
Saint
•added 2021/12/16 12:0 a.m.•81 views

Apache Log4j JNDI message lookup vulnerability

Added: 12/16/2021 Background Apache Log4j is a logging library used by many Java applications. Problem An attacker who is able to control log message content could embed a JNDI reference to an LDAP or RMI URL which downloads an executable Java class, leading to arbitrary command execution...

7.5AI score
Exploits0
Saint
Saint
•added 2019/07/26 12:0 a.m.•81 views

Citrix SD-WAN Appliance SQL and command injection

Added: 07/26/2019 Background Citrix Software-defined wide-area network SD-WAN is a service that grants the enterprise with the ability to dynamically connect branch offices and data centers on a global scale. Problem Citrix SD-WAN 10.1.x and 10.2.x before 10.2.3 allow unauthenticated SQL injectio...

8.6AI score
Exploits0
Saint
Saint
•added 2015/11/20 12:0 a.m.•81 views

Oracle WebLogic Apache Commons library deserialization vulnerability

Added: 11/20/2015 CVE: CVE-2015-4852 BID: 77539 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Apache Commons is a widely used Java library which is included in WebLogic Server. Problem A vulnerability in the Apache Commons library used by Oracl...

9.8CVSS9AI score0.96032EPSS
Exploits17
Saint
Saint
•added 2013/01/14 12:0 a.m.•81 views

Java MBeanInstantiator.findClass and Recursive Reflection Sandbox Escape

Added: 01/14/2013 CVE: CVE-2013-0422 BID: 57246 OSVDB: 89059 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

10CVSS10AI score0.97612EPSS
Exploits38
Saint
Saint
•added 2011/01/26 12:0 a.m.•81 views

CA ARCserve D2D Axis2 default password

Added: 01/26/2011 CVE: CVE-2010-0219 BID: 45625 OSVDB: 70233 Background CA ARCserve D2D is a disk-based backup solution. Problem CA ARCserve D2D deploys Axis2 with default credentials which can be used to gain unauthorized access to the web application server. By then uploading a specially crafte...

10CVSS9.2AI score0.89871EPSS
Exploits17
Saint
Saint
•added 2010/06/15 12:0 a.m.•81 views

Windows Help and Support Center -FromHCP URL whitelist bypass

Added: 06/15/2010 CVE: CVE-2010-1885 BID: 40725 OSVDB: 65264 Background The Microsoft Windows Help and Support Center is a resource in Microsoft Windows operating systems for online help, support, tools, how-to articles, and other resources. Problem A vulnerability in Windows Help and Support...

9.3CVSS9.6AI score0.75458EPSS
Exploits11
Saint
Saint
•added 2008/10/31 12:0 a.m.•81 views

Oracle WebLogic Server Apache Connector Transfer-Encoding buffer overflow

Added: 10/31/2008 CVE: CVE-2008-4008 BID: 31683 OSVDB: 49283 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...

10CVSS7.8AI score0.56268EPSS
Exploits9
Saint
Saint
•added 2008/03/12 12:0 a.m.•81 views

Microsoft Office Web Components OWC.Spreadsheet.9 ActiveX Control overflow

Added: 03/12/2008 CVE: CVE-2006-4695 BID: 28135 OSVDB: 42711 Background Microsoft Office Web Components OWC are a group of OLE classes implemented as ActiveX controls. Problem A buffer overflow vulnerability in the OWC.Spreadsheet.9 ActiveX control allows command execution when a user loads a web...

9.3CVSS6.8AI score0.4014EPSS
Exploits6
Saint
Saint
•added 2007/06/22 12:0 a.m.•81 views

Apache mod_rewrite LDAP URL buffer overflow

Added: 06/22/2007 CVE: CVE-2006-3747 BID: 19204 OSVDB: 27588 Background modrewrite is an Apache module which allows rule-based modification of URL requests. Problem An off-by-one buffer overflow vulnerability in modrewrite allows command execution when the escapeabsoluteuri function attempts to...

7.6CVSS9.8AI score0.96436EPSS
Exploits20
Saint
Saint
•added 2007/02/16 12:0 a.m.•81 views

VERITAS NetBackup bpcd daemon command chaining vulnerability

Added: 02/16/2007 CVE: CVE-2006-4902 BID: 21565 OSVDB: 31334 Background VERITAS NetBackup is a backup and recovery solution for multiple platforms. Problem The NetBackup bpcd daemon fails to properly validate chained commands. A remote attacker could execute arbitrary commands by appending the...

10CVSS7.3AI score0.04235EPSS
Exploits4
Saint
Saint
•added 2006/04/04 12:0 a.m.•81 views

Windows LSASS buffer overflow

Added: 04/04/2006 CVE: CVE-2003-0533 BID: 10108 OSVDB: 5248 Background The Local Security Authority Subsystem Service LSASS provides an interface for managing local security, domain authentication, and Active Directory processes. Problem A buffer overflow in the DsRolepInitializeLog function in t...

7.5CVSS7.8AI score0.8615EPSS
Exploits8
Saint
Saint
•added 2005/12/04 12:0 a.m.•81 views

VERITAS NetBackup Volume Manager Daemon buffer overflow

Added: 12/04/2005 CVE: CVE-2005-3116 BID: 15353 OSVDB: 20674 Background VERITAS NetBackup is a backup and recovery solution for multiple platforms. Problem The Volume Manager Daemon VMD has an error in its shared library allowing for a buffer overflow. A specially crafted request sent to port...

10CVSS6.7AI score0.27617EPSS
Exploits5
Saint
Saint
•added 2026/03/25 12:0 a.m.•80 views

CraftCMS generate-transform command injection

Added: 03/25/2026 Background CraftCMS is a content management system written in PHP. Problem A vulnerability in CraftCMS allows remote attackers to inject arbitrary PHP code into the session file and then execute it using a specially crafted request to generate-transform. Resolution Upgrade to...

6.1AI score
Exploits0
Saint
Saint
•added 2019/12/16 12:0 a.m.•80 views

Revive Adserver deserialization vulnerability

Added: 12/16/2019 CVE: CVE-2019-5434 Background Revive Adserver is a free, open source ad serving system. Problem A deserialization vulnerability in Revive Adserver allows remote attackers to execute arbitrary commands injected into the what parameter of the openads.spc RPC method of adxmlrpc.php...

7.5CVSS9.9AI score0.57022EPSS
Exploits7
Saint
Saint
•added 2016/03/14 12:0 a.m.•80 views

Schneider Electric StruxureWare Building Operation Automation Server msh bypass

Added: 03/14/2016 CVE: CVE-2016-2278 Background The Schneider Electric StruxureWare Building Operation software suite provides integrated monitoring, control, and management of energy, HVAC, lighting and fire safety. The Automation Server is a building automation system for small and medium-sized...

9CVSS7.3AI score0.13426EPSS
Exploits7
Saint
Saint
•added 2014/12/03 12:0 a.m.•80 views

Linux kernel futex_requeue privilege elevation

Added: 12/03/2014 CVE: CVE-2014-3153 BID: 67906 OSVDB: 107752 Background The futex system call in Linux provides a mechanism for user-space locking. Problem A vulnerability in the Linux kernel allows an unprivileged user to gain root access using a specially crafted futexrequeue call. Resolution...

7.8CVSS7.2AI score0.37233EPSS
Exploits15
Saint
Saint
•added 2013/10/10 12:0 a.m.•80 views

Internet Explorer CDisplayPointer Object onpropertychange Use-After-Free

Added: 10/10/2013 CVE: CVE-2013-3897 BID: 62811 OSVDB: 98207 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Microsoft Internet Explorer contains a use-after-free error when processing CDisplayPointer objects contained in...

9.3CVSS8.9AI score0.77462EPSS
Exploits8
Saint
Saint
•added 2012/03/01 12:0 a.m.•80 views

ABB WebWare Server RobNetScanHost.exe Stack Buffer Overflow

Added: 03/01/2012 CVE: CVE-2012-0245 BID: 52123 OSVDB: 79476 Background ABB provides power and automation technology solutions including robots and related software. ABB WebWare Server is a web-based manufacturing support system designed to facilitate a wide range of production management tasks,...

10CVSS7.7AI score0.0818EPSS
Exploits4
Saint
Saint
•added 2011/08/29 12:0 a.m.•80 views

HP Easy Printer Care Software HPTicketMgr.dll ActiveX Control Remote Code Execution

Added: 08/29/2011 CVE: CVE-2011-2404 BID: 49100 OSVDB: 74510 Background HP Easy Printer Care Software is a tool to control and monitor up to 20 HP printers. Problem HP Easy Printer Care Software HPTicketMgr.dll is vulnerable to directory traversal due to insufficient input validation by the...

7.5CVSS6.7AI score0.7374EPSS
Exploits9
Saint
Saint
•added 2010/11/05 12:0 a.m.•80 views

HP Performance Manager Apache Tomcat Policy Bypass

Added: 11/05/2010 CVE: CVE-2009-3548 BID: 36954 OSVDB: 60176 Background HP Performance Manager Software is a web-based analysis and visualization tool that analyzes performance trends of applications, systems, and services. HP Performance Manager incorporates Apache Tomcat 5 to help serve custom...

7.5CVSS8.5AI score0.78995EPSS
Exploits10
Saint
Saint
•added 2010/08/05 12:0 a.m.•80 views

Apache Struts2 XWork ParameterInterceptor security bypass

Added: 08/05/2010 CVE: CVE-2010-1870 BID: 41592 OSVDB: 66280 Background Apache Struts is a Java web application framework. Apache Struts version 2 is based on WebWork 2. WebWork 2 uses XWork to invoke actions based on HTTP parameter names. The ParameterInterceptor component of XWork runs the...

5CVSS9.9AI score0.91079EPSS
Exploits22
Saint
Saint
•added 2008/09/23 12:0 a.m.•80 views

Trend Micro OfficeScan cgiRecvFile.exe ComputerName buffer overflow

Added: 09/23/2008 CVE: CVE-2008-2437 BID: 31139 OSVDB: 48024 Background Trend Micro OfficeScan is a centralized virus and security scan management system. Problem A buffer overflow vulnerability in cgiRecvFile.exe allows remote attackers to execute arbitrary commands by sending an HTTP request...

10CVSS7.8AI score0.06673EPSS
Exploits5
Saint
Saint
•added 2012/10/02 12:0 a.m.•79 views

Symantec Messaging Gateway Default SSH Password

Added: 10/02/2012 CVE: CVE-2012-3579 BID: 55143 OSVDB: 85028 Background Symantec Messaging Gateway is an email virus protection appliance that also provides antispam protection. Problem Symantec Messaging Gateway versions before 10.0 have a default password for the "support" account, which can be...

7.9CVSS6.6AI score0.40211EPSS
Exploits6
Saint
Saint
•added 2012/02/13 12:0 a.m.•79 views

Symantec pcAnywhere Host Services Login Overflow

Added: 02/13/2012 CVE: CVE-2011-3478 BID: 51592 OSVDB: 78532 Background Symantec pcAnywhere is a suite of remote connectivity applications that allow users of a system to access their system remotely. Problem A stack overflow exist in the pcAnywhere Host Service when parsing login names. An...

10CVSS7.4AI score0.39308EPSS
Exploits10
Total number of security vulnerabilities4305