Lucene search
K
SaintMost viewed

4304 matches found

Saint
Saint
•added 2017/01/05 12:0 a.m.•59 views

PHPMailer PwnScriptum Remote Code Execution

Added: 01/05/2017 BID: 95108 Background PHPMailer is a PHP class used for sending email from PHP. It is used by many open-source projects, e.g., WordPress, Drupal, and Joomla. Problem PHPMailer class mailSend function is vulnerable to command injection due to failure to properly sanitize the...

9.8CVSS10AI score0.99714EPSS
Exploits58
Saint
Saint
•added 2013/11/18 12:0 a.m.•59 views

Symantec Altiris DS SQL injection

Added: 11/18/2013 CVE: CVE-2008-2286 BID: 29198 OSVDB: 45313 Background Altiris Deployment Solution DS is software for managing the configuration of machines on a network. Problem An SQL injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...

7.5CVSS8.1AI score0.32678EPSS
Exploits9
Saint
Saint
•added 2013/08/30 12:0 a.m.•59 views

Oracle Java Runtime Environment AWT storeImageArray Vulnerability

Added: 08/30/2013 CVE: CVE-2013-2465 BID: 60657 OSVDB: 94339 Background Java Runtime Environment JRE allows end users to run Java applications. Problem A buffer overflow vulnerability in the storeImageArray function of the Abstract Window Toolkit AWT library awt.dll allows command execution when ...

10CVSS8.3AI score0.98704EPSS
Exploits10
Saint
Saint
•added 2012/02/28 12:0 a.m.•59 views

Java Runtime Environment MixerSequence Function Pointer Control

Added: 02/28/2012 CVE: CVE-2010-0842 BID: 39077 OSVDB: 63493 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...

7.5CVSS8.9AI score0.77721EPSS
Exploits9
Saint
Saint
•added 2011/05/05 12:0 a.m.•59 views

Oracle Java Applet2ClassLoader Vulnerability

Added: 05/05/2011 CVE: CVE-2010-4452 BID: 46388 OSVDB: 71193 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

10CVSS9.6AI score0.8316EPSS
Exploits11
Saint
Saint
•added 2009/10/27 12:0 a.m.•59 views

Adobe Reader FlateDecode filter TIFF Predictor integer overflow

Added: 10/27/2009 CVE: CVE-2009-3459 BID: 36600 OSVDB: 58729 Background Adobe Reader is free software for viewing PDF documents. Problem An integer overflow in the FlateDecode filter in Adobe Reader allows command execution when a user opens a PDF file containing specially crafted compressed...

9.3CVSS6.7AI score0.86468EPSS
Exploits12
Saint
Saint
•added 2009/04/23 12:0 a.m.•59 views

Microsoft WordPad Word97 text converter buffer overflow

Added: 04/23/2009 CVE: CVE-2009-0235 BID: 34470 OSVDB: 53664 Background The Microsoft WordPad Word 97 text converter allows Windows users who do not have Microsoft Word to open Word 97 files. Problem A buffer overflow vulnerability in the Word 97 text converter allows command execution when a use...

9.3CVSS6.7AI score0.33616EPSS
Exploits5
Saint
Saint
•added 2008/08/27 12:0 a.m.•59 views

FlashGet FTP PWD buffer overflow

Added: 08/27/2008 CVE: CVE-2008-4321 BID: 30685 OSVDB: 47457 Background FlashGet is an FTP client formerly known as JetCar. Problem A buffer overflow in FlashGet allows command execution when a user connects to an FTP server which sends a specially crafted PWD response. Resolution Use a different...

9.3CVSS7AI score0.05737EPSS
Exploits5
Saint
Saint
•added 2007/08/17 12:0 a.m.•59 views

Internet Explorer tblinf32.dll ActiveX IObjectsafety vulnerability

Added: 08/17/2007 CVE: CVE-2007-2216 BID: 25289 OSVDB: 36396 Background The IObjectsafety interface provides methods to get and set safety options for objects which support untrusted clients. Problem The tblinf32.dll ActiveX control implements IObjectsafety incorrectly, allowing execution of code...

9.3CVSS6.8AI score0.41388EPSS
Exploits5
Saint
Saint
•added 2006/11/17 12:0 a.m.•59 views

Microsoft XMLHTTP ActiveX control setRequestHeader vulnerability

Added: 11/17/2006 CVE: CVE-2006-5745 BID: 20915 OSVDB: 30208 Background Microsoft XML Core Services includes the XMLHTTP ActiveX control, which allows web pages to send and receive XML data. Problem A memory corruption vulnerability in the XMLHTTP ActiveX control allows command execution when a...

7.6CVSS6.5AI score0.75946EPSS
Exploits7
Saint
Saint
•added 2021/09/20 12:0 a.m.•58 views

Atlassian Confluence Server OGNL Remote Code Execution

Added: 09/20/2021 Background Atlassian Confluence is a collaboration and knowledge management application. Problem Atlassian Confluence has an OGNL injection vulnerability that would allow an unauthenticated user to execute arbitrary code on a Confluence Server. Resolution Upgrade to Confluence...

8.6AI score
Exploits0
Saint
Saint
•added 2019/02/27 12:0 a.m.•58 views

Drupal REST module command execution

Added: 02/27/2019 CVE: CVE-2019-6340 BID: 107106 Background Drupal is an open-source content management system written in PHP. Problem The Drupal REST module does not properly sanitize input from non-form sources, allowing an attacker to execute arbitrary code. Resolution Upgrade to Drupal 8.5.11...

8.1CVSS8.5AI score0.91919EPSS
Exploits22
Saint
Saint
•added 2015/02/25 12:0 a.m.•58 views

Radia Client Automation radexecd.exe command injection

Added: 02/25/2015 CVE: CVE-2015-1497 BID: 72612 OSVDB: 118382 Background Radia Client Automation is an endpoint management solution. Problem The radexecd.exe daemon does not properly authenticate or sanitize user requests, allowing remote attackers to execute arbitrary commands. Resolution Use th...

10CVSS9.7AI score0.75116EPSS
Exploits16
Saint
Saint
•added 2015/02/25 12:0 a.m.•58 views

Radia Client Automation radexecd.exe command injection

Added: 02/25/2015 CVE: CVE-2015-1497 BID: 72612 OSVDB: 118382 Background Radia Client Automation is an endpoint management solution. Problem The radexecd.exe daemon does not properly authenticate or sanitize user requests, allowing remote attackers to execute arbitrary commands. Resolution Use th...

10CVSS7.1AI score0.75116EPSS
Exploits16
Saint
Saint
•added 2013/02/11 12:0 a.m.•58 views

Schneider Electric Interactive Graphical SCADA System Data Collector Overflow

Added: 02/11/2013 CVE: CVE-2013-0657 BID: 57449 OSVDB: 89324 Background Schneider Electric Interactive Graphical SCADA System IGSS is a supervisory control and data acquisition SCADA system designed to monitor and control industrial processes. The Data Collector DC.exe component listens on port...

10CVSS7.5AI score0.21262EPSS
Exploits8
Saint
Saint
•added 2013/01/28 12:0 a.m.•58 views

Nagios 3 history.cgi Command Injection

Added: 01/28/2013 CVE: CVE-2012-6096 BID: 56879 OSVDB: 88322 Background Nagios is a network host and service monitoring and management system. Problem The Nagios history.cgi script is vulnerable to a stack overflow when parsing the host parameter. This may allow an attacker to execute arbitrary...

7.5CVSS7.2AI score0.6645EPSS
Exploits15
Saint
Saint
•added 2012/07/17 12:0 a.m.•58 views

Oracle AutoVue SetMarkupMode ActiveX Overflow

Added: 07/17/2012 CVE: CVE-2012-0549 BID: 53077 OSVDB: 81439 Background Oracle AutoVue Enterprise Visualization is a suite of Oracle products designed to deliver a web-based capability to access, view, digitally annotate and collaborate on technical and business documents, without requiring...

7.5CVSS6.4AI score0.59413EPSS
Exploits10
Saint
Saint
•added 2011/11/23 12:0 a.m.•58 views

Microsoft SharePoint Office Document Load Balancer SOAP Vulnerability

Added: 11/23/2011 CVE: CVE-2010-3964 BID: 45264 OSVDB: 69817 Background Microsoft SharePoint is a web application platform that provides web content management and document management as an aid to collaboration among users. SharePoint's multi-purpose design allows for managing and provisioning of...

7.5CVSS7.1AI score0.93916EPSS
Exploits9
Saint
Saint
•added 2010/10/04 12:0 a.m.•58 views

Java Runtime CMM readMabCurveData Buffer Overflow

Added: 10/04/2010 CVE: CVE-2010-0838 BID: 39069 OSVDB: 63500 Background Oracle Java SE and Java for Business are development platforms for developing and deploying Java applications. They include the Java SE Development Kit JDK and the Java Runtime Environment JRE. The JRE provides the minimum...

7.5CVSS9.8AI score0.149EPSS
Exploits9
Saint
Saint
•added 2010/07/22 12:0 a.m.•58 views

Microsoft Office Excel Malformed Obj Record Stack Buffer Overflow

Added: 07/22/2010 CVE: CVE-2010-0822 BID: 40520 OSVDB: 65236 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem Microsoft Excel is vulnerable to a buffer overflow when processing malformed OBJ recType...

9.3CVSS7.4AI score0.70121EPSS
Exploits21
Saint
Saint
•added 2010/06/18 12:0 a.m.•58 views

HP Operations Manager hidden Tomcat account

Added: 06/18/2010 CVE: CVE-2009-3843 BID: 37086 OSVDB: 60317 Background HP Operations Manager is a consolidated event and performance management console that correlates infrastructure, network and end-user experience events across an IT infrastructure. Problem A hidden Apache Tomcat account allow...

10CVSS9.8AI score0.78968EPSS
Exploits12
Saint
Saint
•added 2009/11/06 12:0 a.m.•58 views

HP Power Manager Remote Code Execution

Added: 11/06/2009 CVE: CVE-2009-2685 BID: 36933 OSVDB: 59684 Background HP Power Manager is a web-based application that enables administrators to manage an HP UPS from a browser-based management console. Problem A stack-based buffer overflow in the HP Power Manager management web server allows...

10CVSS7AI score0.76706EPSS
Exploits9
Saint
Saint
•added 2008/02/15 12:0 a.m.•58 views

BrightStor ARCserve Backup LGServer directory traversal

Added: 02/15/2008 CVE: CVE-2007-5005 BID: 24348 OSVDB: 41350 Background BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections. Problem A directory traversal vulnerability in rxRPC.dll in the...

10CVSS6.9AI score0.0524EPSS
Exploits5
Saint
Saint
•added 2008/01/07 12:0 a.m.•58 views

Adobe Flash Player ActionScript launch command execution

Added: 01/07/2008 CVE: CVE-2008-5499 BID: 32896 OSVDB: 50796 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem An input validation vulnerability allows command execution when the browser loads an SWF file which contains shell...

9.3CVSS6.4AI score0.79426EPSS
Exploits11
Saint
Saint
•added 2006/06/30 12:0 a.m.•58 views

Windows RRAS memory corruption vulnerability

Added: 06/30/2006 CVE: CVE-2006-2370 BID: 18325 OSVDB: 26437 Background The Routing and Remote Access Service RRAS allows a Windows computer to act as a router, dial-up access server, VPN server, or network address translator. Problem A buffer overflow in RRAS allows remote attackers to execute...

7.5CVSS9.9AI score0.72969EPSS
Exploits18
Saint
Saint
•added 2006/06/05 12:0 a.m.•58 views

Internet Explorer Javaprxy.dll heap overflow

Added: 06/05/2006 CVE: CVE-2005-2087 BID: 14087 OSVDB: 17680 Background Windows operating systems use the Component Object Model COM to allow various program components to be run within different applications. One such object, the JView Profiler Javaprxy.dll, is a debugger interface for Microsoft...

5CVSS6.7AI score0.61372EPSS
Exploits4
Saint
Saint
•added 2006/05/08 12:0 a.m.•58 views

Apache chunked encoding buffer overflow

Added: 05/08/2006 CVE: CVE-2002-0392 BID: 5033 OSVDB: 838 Background Apache web servers support chunked encoding, which is used by a web client to send data to the server in parts, or chunks. Problem A flaw in the calculation of the size of chunked encoding leads to a buffer overflow, allowing...

7.5CVSS6.6AI score0.95027EPSS
Exploits8
Saint
Saint
•added 2020/02/10 12:0 a.m.•57 views

OpenSMTPD MAIL FROM command injection

Added: 02/10/2020 CVE: CVE-2020-7247 Background OpenSMTPD is a free SMTP implementation. It comes with the OpenBSD operating system but is also available for other platforms. Problem The smtpmailaddr function does not properly sanitize user input, allowing remote attackers to inject arbitrary...

10CVSS9.8AI score0.98946EPSS
Exploits27
Saint
Saint
•added 2019/11/25 12:0 a.m.•57 views

Cisco Prime Infrastructure Health Monitor tar file directory traversal

Added: 11/25/2019 CVE: CVE-2019-1821 BID: 108339 Background Cisco Prime Infrastructure is a management system of wireless and wired networks. Problem A vulnerability in Cisco Prime Infrastructure Health Monitor allows a remote attacker to execute arbitrary commands by uploading a specially crafte...

10CVSS8.7AI score0.98092EPSS
Exploits12
Saint
Saint
•added 2019/01/18 12:0 a.m.•57 views

Horde Imp Unauthenticated Remote Command Execution

Added: 01/18/2019 BID: 106018 Background The IMP is a web-based mail client for IMAP and POP3 accounts. It is built atop the Horde Application Framework, which is a general-purpose web application library written in PHP. Problem A vulnerability in Horde IMP could allow unauthenticated command...

0.8AI score
Exploits0
Saint
Saint
•added 2014/04/17 12:0 a.m.•57 views

Internet Explorer CMarkup Object Handling Use-after-free Vulnerability

Added: 04/17/2014 CVE: CVE-2014-0322 BID: 65551 OSVDB: 103354 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Microsoft Internet Explorer 9 and 10 contain a use-after-free vulnerability in the CMarkup component of the MSHTML...

9.3CVSS9.1AI score0.85239EPSS
Exploits23
Saint
Saint
•added 2013/12/09 12:0 a.m.•57 views

ABB MicroSCADA wserver.exe command execution

Added: 12/09/2013 BID: 63901 OSVDB: 100324 Background MicroSCADA Pro is a substation automation product from ABB. Problem A vulnerability in the wserver.exe process allows remote attackers to execute arbitrary commands by sending an EXECUTE request to port 12221/TCP. Resolution Disable wserver.ex...

1.5AI score
Exploits0
Saint
Saint
•added 2013/08/22 12:0 a.m.•57 views

Mozilla Firefox onreadystatechange Event Use After Free

Added: 08/22/2013 CVE: CVE-2013-1690 BID: 60778 OSVDB: 94584 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem A use-after-free vulnerability is triggered when handling onreadystatechange events and Event or Page reloads at t...

9.3CVSS9.3AI score0.69021EPSS
Exploits9
Saint
Saint
•added 2013/04/01 12:0 a.m.•57 views

Sami FTP Server LIST command buffer overflow

Added: 04/01/2013 BID: 58247 OSVDB: 90815 Background Sami FTP Server is an FTP server for Windows. Problem Sami FTP Server is affected by a buffer overflow vulnerability. A remote attacker could exploit this vulnerability by sending a long, specially crafted LIST command to the server, resulting ...

0.1AI score
Exploits0
Saint
Saint
•added 2013/03/04 12:0 a.m.•57 views

Java MBeanInstantiator findClass and Introspector Sandbox Escape

Added: 03/04/2013 CVE: CVE-2013-0431 BID: 57726 OSVDB: 89613 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

10CVSS8.3AI score0.97612EPSS
Exploits44
Saint
Saint
•added 2013/02/15 12:0 a.m.•57 views

Ruby on Rails XML Processor YAML Deserialization

Added: 02/15/2013 CVE: CVE-2013-0156 BID: 57187 OSVDB: 89026 Background Ruby on Rails is a full stack, Web application framework optimized for sustainable programming productivity, allowing writing sound code by favoring convention over configuration. Problem Ruby on Rails versions prior to 2.3.1...

7.5CVSS7.7AI score0.99449EPSS
Exploits21
Saint
Saint
•added 2012/11/23 12:0 a.m.•57 views

Java JAX-WS gmbal package sandbox breach

Added: 11/23/2012 CVE: CVE-2012-5076 BID: 56054 OSVDB: 86350 Background Java API for XML Web Services JAX-WS is a technology for developing web services in Java. It is included in the Java EE 5 platform. Problem A vulnerability in JAX-WS when handling the gmbal package allows code execution outsi...

10CVSS9.6AI score0.91013EPSS
Exploits18
Saint
Saint
•added 2012/08/30 12:0 a.m.•57 views

Oracle Java findMethod findClass Security Bypass

Added: 08/30/2012 CVE: CVE-2012-4681 BID: 55213 OSVDB: 84867 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

10CVSS10AI score0.98536EPSS
Exploits10
Saint
Saint
•added 2012/07/23 12:0 a.m.•57 views

Oracle Java Runtime Hotspot Bytecode Verifier Type Confusion

Added: 07/23/2012 CVE: CVE-2012-1723 BID: 53960 OSVDB: 82877 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

10CVSS9.7AI score0.93688EPSS
Exploits9
Saint
Saint
•added 2012/07/17 12:0 a.m.•57 views

Oracle AutoVue SetMarkupMode ActiveX Overflow

Added: 07/17/2012 CVE: CVE-2012-0549 BID: 53077 OSVDB: 81439 Background Oracle AutoVue Enterprise Visualization is a suite of Oracle products designed to deliver a web-based capability to access, view, digitally annotate and collaborate on technical and business documents, without requiring...

7.5CVSS6.4AI score0.59413EPSS
Exploits10
Saint
Saint
•added 2012/06/18 12:0 a.m.•57 views

Microsoft .NET Framework Memory Access Vulnerability

Added: 06/18/2012 CVE: CVE-2012-1855 BID: 53861 OSVDB: 82859 Background The .NET Framework is a software framework for Microsoft Windows. It includes a large class library that provides user interface, data access, database connectivity, cryptography, web application development, numeric...

9.3CVSS7.4AI score0.20496EPSS
Exploits4
Saint
Saint
•added 2012/03/08 12:0 a.m.•57 views

Adobe Flash Player MP4 Copyright Statement Overflow

Added: 03/08/2012 CVE: CVE-2012-0754 BID: 52034 OSVDB: 79300 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem Flash Player version prior to 11.1.102.62 do not properly validate the Copyright statement key CPRT in the tag...

10CVSS8.1AI score0.9203EPSS
Exploits11
Saint
Saint
•added 2011/12/16 12:0 a.m.•57 views

Smart Software Solutions CoDeSys Webserver URI Copying Stack Buffer Overflow

Added: 12/16/2011 CVE: CVE-2011-5007 BID: 50849 OSVDB: 77387 Background Smart Software Solutions GmbH 3S manufactures CoDeSys Web Server, a Supervisory Control and Data Acquisition/Human-Machine Interface SCADA/HMI product. The SCADA Web Server listens on TCP port 8080. Problem The CmpWebServer.d...

10CVSS7.2AI score0.73201EPSS
Exploits6
Saint
Saint
•added 2011/07/27 12:0 a.m.•57 views

Mozilla Firefox nsTreeRange Use After Free

Added: 07/27/2011 CVE: CVE-2011-0073 BID: 47663 OSVDB: 72087 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem Mozilla Firefox and SeaMonkey are prone to a remote code execution vulnerability caused by accessing previously...

10CVSS9.9AI score0.70005EPSS
Exploits5
Saint
Saint
•added 2010/12/22 12:0 a.m.•57 views

Microsoft Internet Explorer CSS Import Use-After-Free Code Execution

Added: 12/22/2010 CVE: CVE-2010-3971 BID: 45246 OSVDB: 69796 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Cascading Style Sheets CSS is a simple mechanism for adding style to web documents. Problem Microsoft Internet Explorer is...

9.3CVSS9.6AI score0.81663EPSS
Exploits9
Saint
Saint
•added 2010/10/04 12:0 a.m.•57 views

Java Runtime CMM readMabCurveData Buffer Overflow

Added: 10/04/2010 CVE: CVE-2010-0838 BID: 39069 OSVDB: 63500 Background Oracle Java SE and Java for Business are development platforms for developing and deploying Java applications. They include the Java SE Development Kit JDK and the Java Runtime Environment JRE. The JRE provides the minimum...

7.5CVSS9.7AI score0.149EPSS
Exploits9
Saint
Saint
•added 2009/11/27 12:0 a.m.•57 views

Java Runtime Environment AWT setDiffICM buffer overflow

Added: 11/27/2009 CVE: CVE-2009-3869 BID: 36881 OSVDB: 59710 Background Java Runtime Environment JRE allows end users to run Java applications. Problem A buffer overflow vulnerability in the setDiffICM function of the Abstract Window Toolkit AWT allows command execution when a user loads a...

9.3CVSS9.9AI score0.65461EPSS
Exploits9
Saint
Saint
•added 2009/07/14 12:0 a.m.•57 views

Microsoft Office Web Components OWC.Spreadsheet Evaluate method vulnerability

Added: 07/14/2009 CVE: CVE-2009-1136 BID: 35642 OSVDB: 55806 Background Microsoft Office Web Components OWC are a group of OLE classes implemented as ActiveX controls. Problem A memory corruption vulnerability allows command execution when a web page passes a specially crafted parameter to the...

9.3CVSS6.4AI score0.6202EPSS
Exploits11
Saint
Saint
•added 2009/05/07 12:0 a.m.•57 views

Windows SMB credential reflection vulnerability

Added: 05/07/2009 CVE: CVE-2008-4037 BID: 7385 OSVDB: 49736 Background The Server Message Block SMB protocol is a file sharing protocol implemented in Microsoft Windows. NTLM is a challenge/response-based authentication protocol. Problem An NTLM credential reflection vulnerability allows a remote...

9.3CVSS6.6AI score0.59136EPSS
Exploits9
Saint
Saint
•added 2008/11/13 12:0 a.m.•57 views

Adobe Acrobat and Reader JavaScript buffer overflow

Added: 11/13/2008 CVE: CVE-2007-5659 BID: 27641 OSVDB: 41495 Background Adobe Acrobat is software for creating PDF documents. Adobe Reader is free software for viewing PDF documents. Problem Buffer overflow vulnerabilities in several JavaScript functions allow command execution when a user loads ...

9.3CVSS9.3AI score0.94222EPSS
Exploits9
Total number of security vulnerabilities4304