Lucene search
K
SaintMost viewed

4305 matches found

Saint
Saint
•added 2011/02/10 12:0 a.m.•79 views

WebEx WRF Player buffer overflow

Added: 02/10/2011 CVE: CVE-2010-3269 BID: 46075 Background The WebEx Recording Format WRF is used to save recordings of WebEx meetings to a file. The WebEx WRF Player allows users to play a WRF file. Problem A buffer overflow vulnerability in the WebEx WRF Player allows command execution when a...

9.3CVSS6.7AI score0.11414EPSS
Exploits4
Saint
Saint
•added 2011/01/05 12:0 a.m.•79 views

SSH password weakness

Added: 01/05/2011 CVE: CVE-1999-0502 Background Passwords are the most commonly used method of authenticating users to a server. The combination of a login name and password is used to verify the identity of a user requesting access, and to determine what parts of the server the user has permissi...

7.5CVSS9.6AI score0.53618EPSS
Exploits41
Saint
Saint
•added 2010/11/04 12:0 a.m.•79 views

Mozilla Firefox document.write and DOM insertion memory corruption

Added: 11/04/2010 CVE: CVE-2010-3765 BID: 44425 OSVDB: 68905 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem A memory corruption vulnerability allows command execution when a user loads a specially crafted web page containi...

9.3CVSS9.8AI score0.83279EPSS
Exploits14
Saint
Saint
•added 2010/07/22 12:0 a.m.•79 views

Windows Shell LNK file CONTROL item command execution

Added: 07/22/2010 CVE: CVE-2010-2568 BID: 41732 OSVDB: 66387 Background Microsoft Windows supports LNK files, also known as shortcuts, which are references to other files. Shortcuts can be placed in a location which is convenient for users such as the Desktop or Start menu, from which they can be...

9.3CVSS7.9AI score0.91324EPSS
Exploits13
Saint
Saint
•added 2010/04/13 12:0 a.m.•79 views

Nagios statuswml.cgi Command Injection

Added: 04/13/2010 CVE: CVE-2009-2288 BID: 35464 OSVDB: 55281 Background Nagios is a network host and service monitoring and management system. Problem The Nagios statuswml.cgi script passes unsanitized data to the ping and traceroute commands, resulting in shell command execution via...

7.5CVSS7.8AI score0.83453EPSS
Exploits14
Saint
Saint
•added 2007/11/09 12:0 a.m.•79 views

EMC NetWorker Remote Exec service subcmd buffer overflow

Added: 11/09/2007 CVE: CVE-2007-3618 BID: 25375 OSVDB: 39744 Background EMC NetWorker is a centralized data backup solution. Problem A buffer overflow vulnerability in the Remote Exec service nsrexecd.exe allows remote attackers to execute arbitrary commands by sending a long, invalid subcmd to a...

9.3CVSS7.8AI score0.07103EPSS
Exploits5
Saint
Saint
•added 2006/04/07 12:0 a.m.•79 views

VERITAS Backup Exec Agent Browser hostname buffer overflow

Added: 04/07/2006 CVE: CVE-2004-1172 BID: 11974 OSVDB: 12418 Background VERITAS Backup Exec for Windows is a data backup and recovery solution. Problem A buffer overflow in the VERITAS Backup Exec Agent Browser allows a remote attacker to execute commands by sending a long, specially crafted...

10CVSS7.3AI score0.81791EPSS
Exploits7
Saint
Saint
•added 2018/06/06 12:0 a.m.•78 views

Apache Struts 2 Struts 1 plugin Showcase OGNL code execution

Added: 06/06/2018 CVE: CVE-2017-9791 BID: 99484 Background Apache Struts is an open-source web application framework for developing Java EE web applications. The Struts 1 plugin allows developers to use Struts 1 Actions and ActionForms in Struts 2 applications. The Showcase application is an...

9.8CVSS9.8AI score0.98931EPSS
Exploits19
Saint
Saint
•added 2017/08/15 12:0 a.m.•78 views

Jenkins groovy.util.Expando Java deserialization vulnerability

Added: 08/15/2017 CVE: CVE-2016-0792 BID: 83720 Background Jenkins is a standalone, open-source automation server written in Java. Problem A deserialization vulnerability in the groovy.util.Expando class allows a remote attacker to execute arbitrary commands by requesting createItem with speciall...

9CVSS7.6AI score0.82697EPSS
Exploits23
Saint
Saint
•added 2015/09/15 12:0 a.m.•78 views

Windows Media Center command execution

Added: 09/15/2015 CVE: CVE-2015-2509 Background Windows Media Center is software for watching DVDs and TV channels on Windows systems. Problem A vulnerability in Windows Media Center could allow command execution when a user opens an .mcl file which references an executable file supplied by an...

9.3CVSS6.5AI score0.71044EPSS
Exploits12
Saint
Saint
•added 2012/12/27 12:0 a.m.•78 views

IBM Cognos TM1 and Express Admin Server Buffer Overflow

Added: 12/27/2012 CVE: CVE-2012-0202 BID: 52847 OSVDB: 80876 Background IBM Cognos TM1 is enterprise planning software for planning, budgeting, forecasting and analysis. IBM Cognos Express is an integrated business intelligence BI and planning solution which delivers the essential reporting,...

10CVSS7AI score0.5485EPSS
Exploits8
Saint
Saint
•added 2012/02/06 12:0 a.m.•78 views

Windows Media MIDI Invalid Channel

Added: 02/06/2012 CVE: CVE-2012-0003 BID: 51292 OSVDB: 78210 Background Musical Instrument Digital Interface MIDI is an industry specification for encoding, storing, synchronizing, and transmitting the musical performance and control data of electronic musical instruments and other electronic...

9.3CVSS8.1AI score0.69499EPSS
Exploits12
Saint
Saint
•added 2011/11/07 12:0 a.m.•78 views

Oracle AutoVue AutoVueX ActiveX Control ExportEdaBom Arbitrary File Overwrite

Added: 11/07/2011 BID: 50332 OSVDB: 76539 Background Oracle AutoVue Enterprise Visualization is a suite of Oracle products designed to deliver a web-based capability to access, view, digitally annotate and collaborate on technical and business documents, without requiring specialized computer-aid...

0.6AI score
Exploits0
Saint
Saint
•added 2010/11/05 12:0 a.m.•78 views

HP Performance Manager Apache Tomcat Policy Bypass

Added: 11/05/2010 CVE: CVE-2009-3548 BID: 36954 OSVDB: 60176 Background HP Performance Manager Software is a web-based analysis and visualization tool that analyzes performance trends of applications, systems, and services. HP Performance Manager incorporates Apache Tomcat 5 to help serve custom...

7.5CVSS8.5AI score0.78995EPSS
Exploits10
Saint
Saint
•added 2010/07/29 12:0 a.m.•78 views

Yahoo Messenger WScript.Shell ActiveX control command execution

Added: 07/29/2010 Background Yahoo! Messenger is an instant messaging application. It includes the WScript.Shell ActiveX control. Problem The Execute method of the WScript.Shell ActiveX control allows command execution when a malicious web page is loaded in Internet Explorer. Resolution Set the...

7.3AI score
Exploits0
Saint
Saint
•added 2007/10/05 12:0 a.m.•78 views

Microsoft Visual Basic VBP file buffer overflow

Added: 10/05/2007 CVE: CVE-2007-4776 BID: 25629 OSVDB: 36936 Background Microsoft Visual Basic is a development tool for building Windows applications. Problem A buffer overflow vulnerability in Microsoft Visual Basic allows command execution when a user opens a specially crafted Visual Basic...

9.3CVSS6.8AI score0.48964EPSS
Exploits7
Saint
Saint
•added 2006/02/24 12:0 a.m.•78 views

Internet Explorer COM object instantiation vulnerability

Added: 02/24/2006 CVE: CVE-2005-1990 BID: 14511 OSVDB: 18612 Background Windows operating systems use the Component Object Model COM to allow various program components to be run within different applications. Problem Improper instantiation of certain COM objects as ActiveX controls by Internet...

5.1CVSS7AI score0.48513EPSS
Exploits4
Saint
Saint
•added 2019/06/28 12:0 a.m.•77 views

SAPIDO RB-1732 command injection

Added: 06/28/2019 Background SAPIDO RB-1732 is a wireless router. Problem A vulnerability in the web interface allows remote attackers to execute arbitrary commands by sending a specially crafted request to the formSysCmd resource. Resolution Apply a firmware update which fixes this vulnerability...

8.3AI score
Exploits0
Saint
Saint
•added 2018/06/06 12:0 a.m.•77 views

Windows RRAS Service Remote Code Execution Vulnerability

Added: 06/06/2018 BID: 102055 Background Routing Remote Access Service RRAS is a Microsoft API that can be used to create client applications. These applications display RAS common dialog boxes, manage remote access connections and devices, and manipulate phone-book entries. These APIs make it...

8.5CVSS7.6AI score0.45521EPSS
Exploits6
Saint
Saint
•added 2017/01/17 12:0 a.m.•77 views

Swift Mailer PwnScriptum Command Injection

Added: 01/17/2017 BID: 95140 Background Swift Mailer is a component-based library used for sending email from PHP. It is used by many PHP programming frameworks, e.g., Yii2, Laraval, and Symfony. Problem Swift Mailer library mail transport SwiftTransportMailTransport is vulnerable to command...

7.5CVSS9.9AI score0.41827EPSS
Exploits18
Saint
Saint
•added 2013/10/17 12:0 a.m.•77 views

HP LoadRunner lrFileIOService ActiveX WriteFileString Method Traversal Vulnerability

Added: 10/17/2013 CVE: CVE-2013-4798 BID: 61443 OSVDB: 95642 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the lrFileIOService ActiveX control. Problem HP LoadRunner before 11.52 is vulnerable to remote code execution. The lrFileIOService ActiveX...

10CVSS7.2AI score0.67723EPSS
Exploits9
Saint
Saint
•added 2013/04/29 12:0 a.m.•77 views

3S CoDeSys Gateway Server Crafted Packet Stack Overflow

Added: 04/29/2013 CVE: CVE-2012-4708 BID: 58032 OSVDB: 90371 Background Smart Software Solutions GmbH 3S manufactures CoDeSys Gateway Server, a Supervisory Control and Data Acquisition/Human-Machine Interface SCADA/HMI product. The Gateway Server listens on TCP port 1211. Problem 3S CoDeSys Gatew...

10CVSS6.6AI score0.07427EPSS
Exploits4
Saint
Saint
•added 2013/03/22 12:0 a.m.•77 views

WellinTech KingView KingMess.exe Log File Parsing Overflow

Added: 03/22/2013 CVE: CVE-2012-4711 BID: 57909 OSVDB: 89690 Background WellinTech is a China-based company which produces KingView, a Web-based SCADA application for Windows-based control, monitoring, and data collection that is used internationally. Problem WellinTech KingView KingMess.exe is...

10CVSS7.3AI score0.61492EPSS
Exploits8
Saint
Saint
•added 2012/07/23 12:0 a.m.•77 views

Oracle Java Runtime Hotspot Bytecode Verifier Type Confusion

Added: 07/23/2012 CVE: CVE-2012-1723 BID: 53960 OSVDB: 82877 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

10CVSS9.8AI score0.93688EPSS
Exploits9
Saint
Saint
•added 2012/03/30 12:0 a.m.•77 views

Java SE AtomicReferenceArray Unsafe Security Bypass

Added: 03/30/2012 CVE: CVE-2012-0507 BID: 52161 OSVDB: 80724 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Java...

10CVSS9.7AI score0.98113EPSS
Exploits13
Saint
Saint
•added 2011/06/03 12:0 a.m.•77 views

7T Interactive Graphical SCADA System dc.exe Directory Traversal

Added: 06/03/2011 CVE: CVE-2011-1566 BID: 46936 OSVDB: 72349 Background 7-Technologies Interactive Graphical SCADA System IGSS is a Supervisory Control and Data Acquisition SCADA solution used mainly in Denmark and the US. Problem An input validation error in the Data Collector service dc.exe whe...

10CVSS6.8AI score0.66982EPSS
Exploits11
Saint
Saint
•added 2011/03/28 12:0 a.m.•77 views

Microsoft Office Groove Insecure Library Loading

Added: 03/28/2011 CVE: CVE-2010-3146 BID: 42695 OSVDB: 67484 Background Microsoft Office Groove is a collaboration-based software application that allows teams and organizations to work together regardless of physical or network location. Problem Microsoft Office Groove has a vulnerability due to...

9.3CVSS6.4AI score0.13715EPSS
Exploits5
Saint
Saint
•added 2010/04/22 12:0 a.m.•77 views

Java Runtime Environment Soundbank Resource Name Stack Buffer Overflow

Added: 04/22/2010 CVE: CVE-2010-0839 BID: 39070 OSVDB: 63494 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The JRE Java programming class library contains the Java Sound Application Interface API t...

7.5CVSS9.6AI score0.03538EPSS
Exploits4
Saint
Saint
•added 2007/06/22 12:0 a.m.•77 views

Apache mod_rewrite LDAP URL buffer overflow

Added: 06/22/2007 CVE: CVE-2006-3747 BID: 19204 OSVDB: 27588 Background modrewrite is an Apache module which allows rule-based modification of URL requests. Problem An off-by-one buffer overflow vulnerability in modrewrite allows command execution when the escapeabsoluteuri function attempts to...

7.6CVSS7.1AI score0.96436EPSS
Exploits20
Saint
Saint
•added 2007/04/16 12:0 a.m.•77 views

Windows DNS server RPC management interface buffer overflow

Added: 04/16/2007 CVE: CVE-2007-1748 BID: 23470 OSVDB: 34100 Background The Windows DNS service runs an RPC management interface which listens on a dynamically assigned TCP port. Problem A buffer overflow vulnerability in the Windows DNS service allows remote attackers to execute arbitrary comman...

10CVSS9.9AI score0.79128EPSS
Exploits17
Saint
Saint
•added 2007/02/16 12:0 a.m.•77 views

Solaris telnetd authentication bypass

Added: 02/16/2007 CVE: CVE-2007-0882 BID: 22512 OSVDB: 31881 Background The Telnet service allows remote users to authenticate to a system and use an interactive command shell. The Telnet service is implemented by the Telnet daemon, telnetd. Problem The telnetd program in Solaris 10 and 11...

10CVSS7.5AI score0.97848EPSS
Exploits13
Saint
Saint
•added 2006/12/28 12:0 a.m.•77 views

MailEnable POP PASS command buffer overflow

Added: 12/28/2006 CVE: CVE-2006-6605 BID: 21645 OSVDB: 32341 Background MailEnable is a mail server supporting SMTP and POP3 for Windows platforms. Problem A buffer overflow vulnerability in MailEnable allows remote, unauthenticated attackers to execute arbitrary commands by sending a long,...

10CVSS7.9AI score0.05844EPSS
Exploits4
Saint
Saint
•added 2025/10/24 12:0 a.m.•76 views

BentoML runner server deserialization vulnerability

Added: 10/24/2025 CVE: CVE-2024-9070 Background BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Problem A deserialization vulnerability in the BentoML runner server allows remote attackers to execute arbitrary commands by sending a...

9.8CVSS7.8AI score0.00846EPSS
Exploits2
Saint
Saint
•added 2020/01/13 12:0 a.m.•76 views

Citrix ADC and Gateway directory traversal and XML file upload

Added: 01/13/2020 Background Citrix ADC formerly NetScaler ADC is an application delivery and load balancing platform. Citrix Gateway formerly NetScaler Unified Gateway is a secure workspace access and single sign-on solution. Problem A directory traversal vulnerability allows remote attackers to...

0.9AI score
Exploits0
Saint
Saint
•added 2019/02/27 12:0 a.m.•76 views

Drupal REST module command execution

Added: 02/27/2019 CVE: CVE-2019-6340 BID: 107106 Background Drupal is an open-source content management system written in PHP. Problem The Drupal REST module does not properly sanitize input from non-form sources, allowing an attacker to execute arbitrary code. Resolution Upgrade to Drupal 8.5.11...

8.1CVSS8.5AI score0.92017EPSS
Exploits22
Saint
Saint
•added 2014/12/03 12:0 a.m.•76 views

Linux kernel futex_requeue privilege elevation

Added: 12/03/2014 CVE: CVE-2014-3153 BID: 67906 OSVDB: 107752 Background The futex system call in Linux provides a mechanism for user-space locking. Problem A vulnerability in the Linux kernel allows an unprivileged user to gain root access using a specially crafted futexrequeue call. Resolution...

7.2CVSS7.3AI score0.37233EPSS
Exploits15
Saint
Saint
•added 2013/06/26 12:0 a.m.•76 views

Oracle WebCenter Capture ActiveX SetAnnotationFont buffer overflow

Added: 06/26/2013 CVE: CVE-2013-1516 BID: 59112 OSVDB: 92387 Background Oracle WebCenter Capture formerly Oracle Document Capture is a centralized document scanning solution. Problem The Import Server subcomponent of Oracle WebCenter Capture is affected by a buffer overflow vulnerability. The...

4CVSS6.5AI score0.00995EPSS
Exploits4
Saint
Saint
•added 2012/03/01 12:0 a.m.•76 views

ABB WebWare Server RobNetScanHost.exe Stack Buffer Overflow

Added: 03/01/2012 CVE: CVE-2012-0245 BID: 52123 OSVDB: 79476 Background ABB provides power and automation technology solutions including robots and related software. ABB WebWare Server is a web-based manufacturing support system designed to facilitate a wide range of production management tasks,...

10CVSS7.7AI score0.0818EPSS
Exploits4
Saint
Saint
•added 2011/02/22 12:0 a.m.•76 views

HP Universal CMDB Server Axis2 default password

Added: 02/22/2011 CVE: CVE-2010-0219 BID: 45625 OSVDB: 70233 Background HP Universal CMDB Server 9.0 is a modular management system that consists of a rich business-service-oriented data model with built-in discovery of configuration items CIs and configuration item dependencies, visualization an...

10CVSS9.2AI score0.89871EPSS
Exploits17
Saint
Saint
•added 2010/06/07 12:0 a.m.•76 views

RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass

Added: 06/07/2010 CVE: CVE-2010-0738 BID: 39710 OSVDB: 64171 Background JBoss Application Server AS is a full-featured open source Java application server that includes full support for J2EE-based APIs. JBoss AS runs on numerous operating systems e.g., Linux, FreeBSD, Mac OS X, and Microsoft...

5CVSS7.2AI score0.79415EPSS
Exploits28
Saint
Saint
•added 2010/02/17 12:0 a.m.•76 views

Wireshark LWRES dissector buffer overflow

Added: 02/17/2010 CVE: CVE-2010-0304 BID: 37985 OSVDB: 61987 Background Wireshark is a network packet analyzer. Problem A buffer overflow vulnerability in the LWRES dissector allows command execution when a user sends a specially crafted datagram over a network which is being analyzed by Wireshar...

7.5CVSS6.7AI score0.73666EPSS
Exploits12
Saint
Saint
•added 2008/11/10 12:0 a.m.•76 views

Adobe PageMaker key strings buffer overflow

Added: 11/10/2008 CVE: CVE-2007-6432 BID: 31999 OSVDB: 50055 Background Adobe PageMaker is page layout software. Problem A buffer overflow vulnerability in AldFs32.dll allows command execution when a user opens a specially crafted PMD file. Resolution See the solution referenced in APSA08-10...

9.3CVSS6.7AI score0.08402EPSS
Exploits4
Saint
Saint
•added 2008/07/02 12:0 a.m.•77 views

HP OpenView Network Node Manager connectedNodes.ovpl command execution

Added: 07/02/2008 CVE: CVE-2005-2773 BID: 14662 OSVDB: 19057 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A command injection vulnerability in the connectedNodes.ovpl CGI script allows remote attackers to execute arbitrary comman...

7.5CVSS9.9AI score0.7409EPSS
Exploits9
Saint
Saint
•added 2017/04/28 12:0 a.m.•75 views

Windows DCE-RPC MIBEntryGet vulnerability (ErraticGopher)

Added: 04/28/2017 Background Distributed Computing Environment - Remote Procedure Call DCE-RPC is the protocol used by Windows operating systems for calling program functions on remote targets. Problem A memory corruption vulnerability in the DCE-RPC MIBEntryGet call could allow remote attackers ...

3.1AI score
Exploits0
Saint
Saint
•added 2010/12/01 12:0 a.m.•75 views

Microsoft Excel Drawing Exception Handling vulnerability

Added: 12/01/2010 CVE: CVE-2010-3335 BID: 44659 OSVDB: 69087 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem A use-after-free vulnerability during exception handling in Microsoft Office allows comman...

9.3CVSS7.7AI score0.23915EPSS
Exploits5
Saint
Saint
•added 2010/08/03 12:0 a.m.•75 views

Novell GroupWise Internet Agent IMAP Service Stack Buffer Overflow

Added: 08/03/2010 CVE: CVE-2010-2777 BID: 41704 OSVDB: 66623 Background Novell GroupWise is an e-mail and collaboration product suite. Problem A buffer overflow vulnerability exists within the IMAP component of the Novell GroupWise Internet Agent service and is due to a boundary error while...

9CVSS6.6AI score0.10388EPSS
Exploits4
Saint
Saint
•added 2008/12/11 12:0 a.m.•75 views

Windows search-ms protocol handler command execution vulnerability

Added: 12/11/2008 CVE: CVE-2008-4269 BID: 32652 OSVDB: 50566 Background The search-ms protocol allows applications to query the Windows Search index. Problem A vulnerability in Windows allows command execution when a user follows a specially crafted search-ms URL which passes arbitrary arguments ...

8.5CVSS6.4AI score0.20516EPSS
Exploits5
Saint
Saint
•added 2008/02/01 12:0 a.m.•75 views

Oracle XDB component PITRIG_TRUNCATE buffer overflow

Added: 02/01/2008 CVE: CVE-2008-0339 BID: 27229 OSVDB: 40300 Background The PITRIGTRUNCATE function is included in the XDB.XDBPITRIGPKG package which is included with Oracle Database. Problem A buffer overflow vulnerability in the PITRIGTRUNCATE function allows remote, authenticated attackers to...

10CVSS7.5AI score0.1453EPSS
Exploits4
Saint
Saint
•added 2006/08/21 12:0 a.m.•75 views

IBM eGatherer ActiveX RunEgatherer buffer overflow

Added: 08/21/2006 CVE: CVE-2006-4221 BID: 19554 OSVDB: 27976 Background The eGatherer ActiveX control is installed with IBM Access Support. Problem A buffer overflow in the eGatherer ActiveX control allows command execution by a web page which sends a long, specially crafted file name to the...

9.3CVSS6.8AI score0.08407EPSS
Exploits10
Saint
Saint
•added 2026/03/23 12:0 a.m.•74 views

Windows Routing and Remote Access Service integer overflow

Added: 03/23/2026 Background The Windows Routing and Remote Access Service supports remote user or site-to-site connectivity by using VPN or dial-up connections. Problem An integer overflow vulnerability in the Windows Routing and Remote Access Service allow command execution when a domain-joined...

8CVSS6AI score0.00836EPSS
Exploits3
Total number of security vulnerabilities4305