Lucene search
K
SaintMost viewed

4305 matches found

Saint
Saint
•added 2019/06/28 12:0 a.m.•74 views

SAPIDO RB-1732 command injection

Added: 06/28/2019 Background SAPIDO RB-1732 is a wireless router. Problem A vulnerability in the web interface allows remote attackers to execute arbitrary commands by sending a specially crafted request to the formSysCmd resource. Resolution Apply a firmware update which fixes this vulnerability...

4.3AI score
Exploits0
Saint
Saint
•added 2018/05/16 12:0 a.m.•74 views

Exim SMTP listener base64d function one-character buffer overflow

Added: 05/16/2018 CVE: CVE-2018-6789 BID: 103049 Background Exim is a mail transfer agent used on Unix-like operating systems. Problem Exim 5.90 and earlier are vulnerable to a one-character buffer overflow in the base64d function in the SMTP listener. Resolution Upgrade to Exim 4.90.1 or higher,...

9.8CVSS9.8AI score0.82238EPSS
Exploits19
Saint
Saint
•added 2014/08/07 12:0 a.m.•74 views

Kolibri WebServer HTTP GET Request Handling Buffer Overflow

Added: 08/07/2014 CVE: CVE-2014-4158 BID: 68195 OSVDB: 108090 Background SENKAS Kolibri Webserver is a free very simple web server for Microsoft Windows that supports serving static web content. Problem Kolibri Webserver is vulnerable to a stack buffer overflow as a result of failure to properly...

7.5CVSS7.1AI score0.14301EPSS
Exploits7
Saint
Saint
•added 2013/05/24 12:0 a.m.•74 views

Java Runtime Environment DriverManager doPrivileged block sandbox bypass

Added: 05/24/2013 CVE: CVE-2013-1488 BID: 58504 OSVDB: 91472 Background Oracle Java is a development platform for developing and deploying Java applications. It includes the Java Development Kit JDK and the Java Runtime Environment JRE. The JRE provides the minimum requirements for executing a Ja...

10CVSS9.8AI score0.87227EPSS
Exploits10
Saint
Saint
•added 2013/02/15 12:0 a.m.•74 views

Ruby on Rails XML Processor YAML Deserialization

Added: 02/15/2013 CVE: CVE-2013-0156 BID: 57187 OSVDB: 89026 Background Ruby on Rails is a full stack, Web application framework optimized for sustainable programming productivity, allowing writing sound code by favoring convention over configuration. Problem Ruby on Rails versions prior to 2.3.1...

7.5CVSS7.7AI score0.99449EPSS
Exploits21
Saint
Saint
•added 2010/12/14 12:0 a.m.•74 views

Microsoft Office FlashPix Image Converter Dictionary property buffer overflow

Added: 12/14/2010 CVE: CVE-2010-3951 BID: 45278 OSVDB: 69808 Background Microsoft Office is a package that provides word processing, spreadsheet, presentation, e-mail, and calendaring capabilities for Microsoft Windows workstations. The suite ships with a set of image processing helper libraries...

9.3CVSS7.7AI score0.25106EPSS
Exploits4
Saint
Saint
•added 2010/01/09 12:0 a.m.•74 views

HP OpenView Network Node Manager nnmRptConfig.exe CGI Template Buffer Overflow

Added: 01/09/2010 CVE: CVE-2009-3848 BID: 37296 OSVDB: 60926 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A stack buffer overflow vulnerability allows remote attackers to execute arbitrary commands by requesting the...

10CVSS7.6AI score0.11794EPSS
Exploits5
Saint
Saint
•added 2009/01/08 12:0 a.m.•74 views

Microsoft Works WkImgSrv.dll ActiveX Control WksPictureInterface vulnerability

Added: 01/08/2009 CVE: CVE-2008-1898 BID: 28820 OSVDB: 44458 Background Microsoft Works is a suite of productivity tools for home users. Problem The WkImgSrv.dll ActiveX control included in Microsoft Works allows command execution when a user loads a web page which instantiates the control with a...

9.3CVSS6.2AI score0.52033EPSS
Exploits7
Saint
Saint
•added 2007/12/12 12:0 a.m.•74 views

Microsoft Message Queuing queue name buffer overflow

Added: 12/12/2007 CVE: CVE-2007-3039 BID: 26797 OSVDB: 39123 Background Microsoft Message Queuing allows applications which may be running at different times to communicate across a network. Problem A buffer overflow vulnerability in the Microsoft Message Queuing service allows remote attackers t...

9CVSS7.5AI score0.69055EPSS
Exploits13
Saint
Saint
•added 2007/08/23 12:0 a.m.•74 views

Trend Micro ServerProtect RPC NTF_SetPagerNotifyConfig buffer overflow

Added: 08/23/2007 CVE: CVE-2007-4218 BID: 25395 OSVDB: 39754 Background ServerProtect is a virus scanner for servers. Problem A buffer overflow in the NTFSetPagerNotifyConfig function within the Notification.dll library allows remote attackers to execute arbitrary commands by sending a specially...

10CVSS7.7AI score0.13021EPSS
Exploits12
Saint
Saint
•added 2006/07/17 12:0 a.m.•74 views

sipXtapi Cseq header buffer overflow

Added: 07/17/2006 CVE: CVE-2006-3524 BID: 18906 OSVDB: 27122 Background The Session Initiation Protocol SIP is a signaling protocol for a variety of uses, including instant messanging and Voice over Internet Protocol. sipXtapi is a client library for SIP-based user agents. It is included in Pingt...

7.5CVSS7.6AI score0.66993EPSS
Exploits14
Saint
Saint
•added 2005/11/28 12:0 a.m.•74 views

IIS Double Decoding Directory Traversal

Added: 11/28/2005 CVE: CVE-2001-0333 BID: 2708 OSVDB: 556 Background Microsoft IIS is a web server for Windows platforms. Problem Microsoft IIS 4.0 and 5.0 allow path validation checks to be bypassed by URL-encoding invalid characters twice. Thus, a backslash is first represented as %5c, and then...

7.5CVSS6.7AI score0.9077EPSS
Exploits8
Saint
Saint
•added 2015/02/25 12:0 a.m.•73 views

Radia Client Automation radexecd.exe command injection

Added: 02/25/2015 CVE: CVE-2015-1497 BID: 72612 OSVDB: 118382 Background Radia Client Automation is an endpoint management solution. Problem The radexecd.exe daemon does not properly authenticate or sanitize user requests, allowing remote attackers to execute arbitrary commands. Resolution Use th...

10CVSS7.1AI score0.75116EPSS
Exploits16
Saint
Saint
•added 2014/10/24 12:0 a.m.•73 views

Windows OLE Package Manager CPackage::DoVerb() INF File Download Vulnerability

Added: 10/24/2014 CVE: CVE-2014-4114 BID: 70419 OSVDB: 113140 Background OLE Object Linking and Embedding is a technology that allows applications to share data and functionality, such as the ability to create and edit compound data, i.e., data that contains information in multiple formats. For...

9.3CVSS8.2AI score0.81628EPSS
Exploits22
Saint
Saint
•added 2014/01/28 12:0 a.m.•73 views

HP Data Protector Backup Client Service opcode 42 directory traversal

Added: 01/28/2014 CVE: CVE-2013-6194 BID: 64647 OSVDB: 101630 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem A vulnerability in the Backup Client Service OmniInet.exe allows remote, unauthenticated attackers to write files t...

10CVSS7.4AI score0.65924EPSS
Exploits10
Saint
Saint
•added 2012/05/31 12:0 a.m.•73 views

IBM Lotus Quickr QP2 ActiveX Overflow

Added: 05/31/2012 CVE: CVE-2012-2176 BID: 53678 OSVDB: 82166 Background IBM Lotus Quickr is a team collaboration solution that provides teams with a data repository, and interfaces with Lotus Notes, Sametime, Symphony, and more. Problem The Lotus Quickr client installs several ActiveX controls on...

9.3CVSS6.4AI score0.31173EPSS
Exploits10
Saint
Saint
•added 2012/05/30 12:0 a.m.•73 views

IBM Rational ClearQuest CQOle ActiveX

Added: 05/30/2012 CVE: CVE-2012-0708 BID: 53170 OSVDB: 81443 Background Rational ClearQuest is an enterprise workflow automation tool. It functions as a bug tracking tool and can act as a CRM or process tracker. Problem The ClearQuest web client installs ActiveX modules on the client system. Thes...

9.3CVSS6.3AI score0.3095EPSS
Exploits10
Saint
Saint
•added 2010/07/22 12:0 a.m.•73 views

Windows Shell LNK file CONTROL item command execution

Added: 07/22/2010 CVE: CVE-2010-2568 BID: 41732 OSVDB: 66387 Background Microsoft Windows supports LNK files, also known as shortcuts, which are references to other files. Shortcuts can be placed in a location which is convenient for users such as the Desktop or Start menu, from which they can be...

9.3CVSS7.9AI score0.91324EPSS
Exploits13
Saint
Saint
•added 2006/06/21 12:0 a.m.•73 views

Microsoft Excel URL unicode buffer overflow

Added: 06/21/2006 CVE: CVE-2006-3086 BID: 18500 OSVDB: 26666 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms. Problem A buffer overflow in Excel when processing long URL strings allows command execution when a user clicks ...

9.3CVSS6.8AI score0.56461EPSS
Exploits6
Saint
Saint
•added 2005/12/20 12:0 a.m.•73 views

BrightStor ARCserve Backup agent for MS-SQL buffer overflow

Added: 12/20/2005 CVE: CVE-2005-1272 BID: 14453 OSVDB: 18501 Background BrightStor ARCserve Backup is a backup and recovery solution for multiple platforms. Problem A buffer overflow in the backup agent for Microsoft SQL Server allows remote attackers to execute arbitrary commands. Resolution App...

7.5CVSS7.9AI score0.66121EPSS
Exploits8
Saint
Saint
•added 2017/10/25 12:0 a.m.•72 views

Cisco Prime Collaboration Provisioning ScriptMgr HEAD request vulnerability

Added: 10/25/2017 CVE: CVE-2017-6622 BID: 98520 Background The Cisco Prime Collaboration product family facilitates installation and maintenance of Cisco Unified Communications and Cisco TelePresence components, as well as the provisioning of users and services. Problem Missing security constrain...

10CVSS9.6AI score0.6217EPSS
Exploits5
Saint
Saint
•added 2013/08/30 12:0 a.m.•72 views

Oracle Java Runtime Environment AWT storeImageArray Vulnerability

Added: 08/30/2013 CVE: CVE-2013-2465 BID: 60657 OSVDB: 94339 Background Java Runtime Environment JRE allows end users to run Java applications. Problem A buffer overflow vulnerability in the storeImageArray function of the Abstract Window Toolkit AWT library awt.dll allows command execution when ...

10CVSS8.5AI score0.98704EPSS
Exploits10
Saint
Saint
•added 2013/05/20 12:0 a.m.•72 views

phpMyAdmin preg_replace from_prefix sanitization vulnerability

Added: 05/20/2013 CVE: CVE-2013-3238 BID: 59460 OSVDB: 92793 Background phpMyAdmin is a free software tool, written in PHP, designed to handle the administration of MySQL over the Web. Problem phpMyAdmin before 3.5.8.1 is vulnerable to code injection as a result of failure to sanitize input passe...

6CVSS6.7AI score0.28851EPSS
Exploits14
Saint
Saint
•added 2013/05/13 12:0 a.m.•72 views

Nagios Remote Plugin Executor Metacharacter Filtering Omission

Added: 05/13/2013 CVE: CVE-2013-1362 BID: 58142 OSVDB: 90582 Background Nagios is a network host and service monitoring and management system. Nagios Remote Plugin Executor NRPE is an addon for Nagios that allows remote execution of Nagios plugins on other Linux/Unix machines. Problem Nagios Remo...

7.5CVSS7.4AI score0.65724EPSS
Exploits9
Saint
Saint
•added 2012/04/27 12:0 a.m.•72 views

LANDesk ThinkManagement Suite ServerSetup.asmx Directory Traversal

Added: 04/27/2012 CVE: CVE-2012-1195 BID: 52023 OSVDB: 79276 Background LANDesk Lenovo ThinkManagement Console provides hardware discovery, comprehensive inventory, and reporting for Lenovo systems. Problem LANDesk Lenovo ThinkManagement Console runs a web application under the Microsoft IIS web...

7.5CVSS6.2AI score0.68399EPSS
Exploits11
Saint
Saint
•added 2011/01/03 12:0 a.m.•72 views

Novell iPrint Client Browser Plugin embed Tag Parameter Buffer Overflow

Added: 01/03/2011 CVE: CVE-2010-4314 BID: 45301 OSVDB: 66959 Background Novell iPrint is an application which allows users to install and manage printers. Problem A buffer overflow vulnerability in Novell iPrint browser plugin allows command execution when a user loads a web page with an overly...

9.3CVSS9AI score0.03118EPSS
Exploits4
Saint
Saint
•added 2008/07/21 12:0 a.m.•72 views

SNMPc Network Manager SNMP TRAP community string buffer overflow

Added: 07/21/2008 CVE: CVE-2008-2214 BID: 28990 OSVDB: 44885 Background SNMPc Network Manager is a distributed network management and monitoring solution. Problem A buffer overflow vulnerability in SNMPc Network Manager allows remote attackers to execute arbitrary commands by sending an SNMP TRAP...

10CVSS7.8AI score0.08838EPSS
Exploits5
Saint
Saint
•added 2007/09/11 12:0 a.m.•72 views

Microsoft Agent crafted URL vulnerability

Added: 09/11/2007 CVE: CVE-2007-3040 BID: 25566 OSVDB: 36934 Background Microsoft Agent is a component of the Windows operating system designed to make using a computer easier through enriched user interaction. Problem A vulnerability in Microsoft Agent allows command execution when a user loads ...

9.3CVSS6.4AI score0.57217EPSS
Exploits6
Saint
Saint
•added 2006/09/20 12:0 a.m.•72 views

Internet Explorer VML rect fill buffer overflow

Added: 09/20/2006 CVE: CVE-2006-4868 BID: 20096 OSVDB: 28946 Background Vector Markup Language VML is an XML-based format for vector graphics. Problem A buffer overflow in Internet Explorer when processing VML code allows remote command execution using a long fill parameter within a rect tag...

9.3CVSS7.2AI score0.62149EPSS
Exploits7
Saint
Saint
•added 2006/07/03 12:0 a.m.•72 views

IIS Unicode Directory Traversal

Added: 07/03/2006 CVE: CVE-2000-0884 BID: 1806 OSVDB: 436 Background Microsoft IIS is a web server for Windows platforms. Problem Microsoft IIS 4.0 and 5.0 allow path validation checks to be bypassed by encoding invalid characters in Unicode. For example, a slash character is represented as %c0%a...

7.5CVSS6.8AI score0.7055EPSS
Exploits4
Saint
Saint
•added 2006/04/25 12:0 a.m.•72 views

Internet Explorer DHTML object vulnerability

Added: 04/25/2006 CVE: CVE-2005-0553 BID: 13120 OSVDB: 15465 Background Dynamic HTML DHTML allows the creation of interactive web pages. Problem Race conditions in various DHTML methods could allow command execution when a specially crafted web page is loaded in Internet Explorer. Resolution Appl...

5.1CVSS7.5AI score0.50604EPSS
Exploits5
Saint
Saint
•added 2006/01/30 12:0 a.m.•72 views

FrontPage fp30reg.dll remote debug buffer overflow

Added: 01/30/2006 CVE: CVE-2003-0822 BID: 9007 OSVDB: 2952 Background Microsoft FrontPage Server Extensions includes a remote debugging function. Problem A buffer overflow in fp30reg.dll leads to a vulnerability in the remote debug function in FrontPage Server Extensions. A remote attacker could...

7.5CVSS7.4AI score0.83075EPSS
Exploits10
Saint
Saint
•added 2017/04/28 12:0 a.m.•71 views

Windows DCE-RPC MIBEntryGet vulnerability (ErraticGopher)

Added: 04/28/2017 Background Distributed Computing Environment - Remote Procedure Call DCE-RPC is the protocol used by Windows operating systems for calling program functions on remote targets. Problem A memory corruption vulnerability in the DCE-RPC MIBEntryGet call could allow remote attackers ...

8.5AI score
Exploits0
Saint
Saint
•added 2013/08/01 12:0 a.m.•71 views

Apache Struts DefaultActionMapper redirect Prefix Vulnerability

Added: 08/01/2013 CVE: CVE-2013-2251 BID: 61189 OSVDB: 95405 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts use...

9.8CVSS9.1AI score0.99998EPSS
Exploits18
Saint
Saint
•added 2013/07/11 12:0 a.m.•71 views

Oracle Java Serviceability Subcomponent ProviderSkeleton Class Vulnerability

Added: 07/11/2013 CVE: CVE-2013-2460 BID: 60635 OSVDB: 94346 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

9.3CVSS9.6AI score0.70248EPSS
Exploits9
Saint
Saint
•added 2012/07/23 12:0 a.m.•71 views

Oracle Java Runtime Hotspot Bytecode Verifier Type Confusion

Added: 07/23/2012 CVE: CVE-2012-1723 BID: 53960 OSVDB: 82877 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

10CVSS9.7AI score0.93688EPSS
Exploits9
Saint
Saint
•added 2012/02/06 12:0 a.m.•71 views

Windows Media MIDI Invalid Channel

Added: 02/06/2012 CVE: CVE-2012-0003 BID: 51292 OSVDB: 78210 Background Musical Instrument Digital Interface MIDI is an industry specification for encoding, storing, synchronizing, and transmitting the musical performance and control data of electronic musical instruments and other electronic...

9.3CVSS8.1AI score0.69499EPSS
Exploits12
Saint
Saint
•added 2012/01/05 12:0 a.m.•71 views

Blue Coat BCAAA Windows Service Stack Buffer Overflow

Added: 01/05/2012 BID: 47618 OSVDB: 72095 Background Blue Coat Authentication and Authorization Agent BCAAA is installed on a domain server and acts as an intermediary between a Blue Coat ProxySG and the domain. Problem The BCAAA Windows Service is vulnerable to a stack-based buffer overflow...

8.5AI score
Exploits0
Saint
Saint
•added 2011/06/07 12:0 a.m.•71 views

HP Data Protector Client EXEC_CMD Command Execution

Added: 06/07/2011 CVE: CVE-2011-0923 BID: 46234 OSVDB: 72526 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem The HP Data Protector Client is vulnerable to remote code execution as a result of insufficient input validation of...

10CVSS7.3AI score0.81081EPSS
Exploits30
Saint
Saint
•added 2011/01/26 12:0 a.m.•71 views

CA ARCserve D2D Axis2 default password

Added: 01/26/2011 CVE: CVE-2010-0219 BID: 45625 OSVDB: 70233 Background CA ARCserve D2D is a disk-based backup solution. Problem CA ARCserve D2D deploys Axis2 with default credentials which can be used to gain unauthorized access to the web application server. By then uploading a specially crafte...

10CVSS9.2AI score0.89871EPSS
Exploits17
Saint
Saint
•added 2011/01/05 12:0 a.m.•71 views

SSH password weakness

Added: 01/05/2011 CVE: CVE-1999-0502 Background Passwords are the most commonly used method of authenticating users to a server. The combination of a login name and password is used to verify the identity of a user requesting access, and to determine what parts of the server the user has permissi...

7.5CVSS9.6AI score0.53618EPSS
Exploits41
Saint
Saint
•added 2010/05/25 12:0 a.m.•71 views

IBM Cognos Express Server Backdoor Account Remote Code Execution

Added: 05/25/2010 CVE: CVE-2010-0557 BID: 38084 OSVDB: 62118 Background IBM Cognos Express is an integrated business intelligence BI and planning solution which delivers the essential reporting, analysis, dashboard, scorecard, planning, budgeting and forecasting capabilities that midsize companie...

7.5CVSS6.4AI score0.51069EPSS
Exploits9
Saint
Saint
•added 2006/10/27 12:0 a.m.•71 views

Serv-U FTP Server MDTM timezone buffer overflow

Added: 10/27/2006 CVE: CVE-2004-0330 BID: 9751 OSVDB: 4073 Background Serv-U FTP Server supports the MDTM command which allows users to modify the time stamp on files. Problem A buffer overflow in Serv-U FTP Server allows remote authenticated attackers to execute arbitrary commands by sending the...

10CVSS7.6AI score0.8547EPSS
Exploits8
Saint
Saint
•added 2006/01/24 12:0 a.m.•71 views

Trend Micro ServerProtect Management Console isaNVWRequest.dll chunked POST buffer overflow

Added: 01/24/2006 CVE: CVE-2005-1929 BID: 15865 OSVDB: 21771 Background ServerProtect is a virus scanner for servers. Problem A buffer overflow in ServerProtect Management Console could allow a remote attacker to execute commands using a chunked POST request to isaNVWRequest.dll. Resolution Use t...

7.5CVSS7.3AI score0.04944EPSS
Exploits4
Saint
Saint
•added 2005/12/04 12:0 a.m.•71 views

VERITAS NetBackup Volume Manager Daemon buffer overflow

Added: 12/04/2005 CVE: CVE-2005-3116 BID: 15353 OSVDB: 20674 Background VERITAS NetBackup is a backup and recovery solution for multiple platforms. Problem The Volume Manager Daemon VMD has an error in its shared library allowing for a buffer overflow. A specially crafted request sent to port...

10CVSS6.7AI score0.27617EPSS
Exploits5
Saint
Saint
•added 2019/07/26 12:0 a.m.•70 views

Citrix SD-WAN Appliance SQL and command injection

Added: 07/26/2019 Background Citrix Software-defined wide-area network SD-WAN is a service that grants the enterprise with the ability to dynamically connect branch offices and data centers on a global scale. Problem Citrix SD-WAN 10.1.x and 10.2.x before 10.2.3 allow unauthenticated SQL injectio...

1.7AI score
Exploits0
Saint
Saint
•added 2014/07/24 12:0 a.m.•70 views

Microsoft Word RTF Object Confusion

Added: 07/24/2014 CVE: CVE-2014-1761 BID: 66385 OSVDB: 104895 Background Microsoft Office Word is Microsoft's word processing software, released as a component of Microsoft Office suite. Problem A buffer overflow exists due to an error in processing RTF files. The flaw is triggered by supplying a...

9.3CVSS7.9AI score0.7746EPSS
Exploits10
Saint
Saint
•added 2014/03/21 12:0 a.m.•70 views

HP Data Protector Backup Client Service EXEC_BAR Packet Vulnerability

Added: 03/21/2014 CVE: CVE-2013-2347 BID: 64647 OSVDB: 101626 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. HP Data Protector's Backup Client Service OmniInet.exe listens on TCP port 5555 for communications between managed systems...

10CVSS7.7AI score0.66409EPSS
Exploits14
Saint
Saint
•added 2013/08/01 12:0 a.m.•70 views

Apache Struts DefaultActionMapper redirect Prefix Vulnerability

Added: 08/01/2013 CVE: CVE-2013-2251 BID: 61189 OSVDB: 95405 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts use...

9.3CVSS9.1AI score0.99998EPSS
Exploits18
Saint
Saint
•added 2013/02/21 12:0 a.m.•70 views

Adobe Flash Player SWF Content Regular Expression Heap Overflow

Added: 02/21/2013 CVE: CVE-2013-0634 BID: 57788 OSVDB: 89936 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem The ActiveX version of Adobe Flash Player on Windows is vulnerable to heap buffer overflow because it does not proper...

9.3CVSS9.1AI score0.77597EPSS
Exploits10
Total number of security vulnerabilities4305