Lucene search
K
SaintMost viewed

4305 matches found

Saint
Saint
•added 2021/01/08 12:0 a.m.•64 views

Solaris SunSSH libpam buffer overflow

Added: 01/08/2021 Background SunSSH is a fork of OpenSSH for Solaris. It provides remote login capability on Solaris platforms. Problem A buffer overflow vulnerability in libpam could allow a remote attacker to execute arbitrary commands by sending a specially crafted authentication request to...

8.8AI score
Exploits0
Saint
Saint
•added 2018/02/28 12:0 a.m.•64 views

ASUSWRT vpnupload.cgi authentication bypass

Added: 02/28/2018 CVE: CVE-2018-5999 Background ASUSWRT is the firmware used in many ASUS devices. Problem The combination of two separate vulnerabilities in ASUSWRT allows remote attackers to execute arbitrary commands. The first vulnerability allows an unauthenticated user to make certain POST...

10CVSS9.9AI score0.8715EPSS
Exploits10
Saint
Saint
•added 2017/05/17 12:0 a.m.•64 views

PHPMailer Command Injection in WordPress Core via Exim

Added: 05/17/2017 BID: 95108 Background Wordpress is a free and open-source content management system CMS based on PHP and MySQL. WordPress uses PHPMailer, which is a PHP class used for sending email from PHP. PHPMailer provides an interface to the system's mail transfer agent MTA, such as...

9.8CVSS10AI score0.99714EPSS
Exploits58
Saint
Saint
•added 2013/09/04 12:0 a.m.•64 views

Java Runtime Environment java.awt.image.IntegerComponentRaster buffer overflow

Added: 09/04/2013 CVE: CVE-2013-2471 BID: 60659 OSVDB: 94357 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...

10CVSS8.8AI score0.14749EPSS
Exploits4
Saint
Saint
•added 2013/07/09 12:0 a.m.•64 views

HP Data Protector opcode 259 buffer overflow

Added: 07/09/2013 CVE: CVE-2013-2329 BID: 60304 OSVDB: 93863 Background HP Data Protector is an automated data backup solution. Problem A buffer overflow vulnerability when handling requests with opcode 259 allows remote attackers to execute arbitrary commands. Resolution Apply a patch referenced...

10CVSS7.5AI score0.61043EPSS
Exploits4
Saint
Saint
•added 2013/04/19 12:0 a.m.•64 views

Honeywell HscRemoteDeploy.dll ActiveX Control vulnerability

Added: 04/19/2013 CVE: CVE-2013-0108 BID: 58134 OSVDB: 90583 Background Honeywell offers software solutions which integrate different systems and devices such as HVAC, security, safety, lighting, and energy into a common platform. Problem A vulnerability in multiple Honeywell products allows...

6.8CVSS6.5AI score0.26639EPSS
Exploits9
Saint
Saint
•added 2013/03/04 12:0 a.m.•64 views

Java MBeanInstantiator findClass and Introspector Sandbox Escape

Added: 03/04/2013 CVE: CVE-2013-0431 BID: 57726 OSVDB: 89613 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

10CVSS8.3AI score0.97612EPSS
Exploits44
Saint
Saint
•added 2012/12/21 12:0 a.m.•64 views

MySQL FILE privilege elevation

Added: 12/21/2012 CVE: CVE-2012-5613 BID: 56771 OSVDB: 88118 Background MySQL is an open-source database software package available for multiple platforms. Problem A database user who has FILE permission can write arbitrary files to the file system, leading to privilege elevation. Resolution Revo...

6CVSS5.2AI score0.31664EPSS
Exploits15
Saint
Saint
•added 2012/11/09 12:0 a.m.•64 views

CA ARCserve Backup Authentication service invalid virtual function call

Added: 11/09/2012 CVE: CVE-2012-2971 BID: 56116 OSVDB: 86416 Background CA ARCserve Backup formerly BrightStor ARCserve Backup is a backup and recovery solution. Problem An invalid virtual function call in the authentication service allows remote attackers to execute arbitrary commands. Resolutio...

7.5CVSS7.4AI score0.04053EPSS
Exploits4
Saint
Saint
•added 2011/12/16 12:0 a.m.•64 views

Smart Software Solutions CoDeSys Webserver URI Copying Stack Buffer Overflow

Added: 12/16/2011 CVE: CVE-2011-5007 BID: 50849 OSVDB: 77387 Background Smart Software Solutions GmbH 3S manufactures CoDeSys Web Server, a Supervisory Control and Data Acquisition/Human-Machine Interface SCADA/HMI product. The SCADA Web Server listens on TCP port 8080. Problem The CmpWebServer.d...

10CVSS7.3AI score0.72582EPSS
Exploits6
Saint
Saint
•added 2011/09/19 12:0 a.m.•64 views

EMC Autostart ftAgent Overflow

Added: 09/19/2011 CVE: CVE-2011-2735 BID: 49238 OSVDB: 74597 Background EMC AutoStart is a cross-platform high-availability clustering solution. Problem The Agent Service of EMC AutoStart listens on TCP port 8045 and is vulnerable to a heap overflow when parsing malformed messages with opcode 0x1...

7.9CVSS6.6AI score0.02335EPSS
Exploits4
Saint
Saint
•added 2011/04/21 12:0 a.m.•64 views

Adobe Flash Player callMethod Bytecode Memory Corruption

Added: 04/21/2011 CVE: CVE-2011-0611 BID: 47314 OSVDB: 71686 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem A memory corruption vulnerability allows command execution when the browser loads a specially crafted Small Web Forma...

9.3CVSS9.1AI score0.9941EPSS
Exploits14
Saint
Saint
•added 2009/08/27 12:0 a.m.•64 views

Microsoft Office Web Components DataSourceControl ActiveX Control memory allocation

Added: 08/27/2009 CVE: CVE-2009-0562 BID: 35990 OSVDB: 56914 Background Microsoft Office Web Components OWC are a group of OLE classes implemented as ActiveX controls. Problem A heap memory corruption vulnerability in the OWC10.DataSourceControl ActiveX control allows command execution when a use...

9.3CVSS6.5AI score0.2565EPSS
Exploits4
Saint
Saint
•added 2009/07/07 12:0 a.m.•64 views

Microsoft DirectShow Video Streaming ActiveX IMPEG2TuneRequest Overflow

Added: 07/07/2009 CVE: CVE-2008-0015 BID: 35558 OSVDB: 55651 Background DirectX is a feature of the Windows operating system used for streaming media. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation and rendering. Problem A stack buffer overfl...

9.3CVSS9.7AI score0.76647EPSS
Exploits10
Saint
Saint
•added 2009/06/15 12:0 a.m.•64 views

Microsoft Works File Converter FontName buffer overflow

Added: 06/15/2009 CVE: CVE-2009-1533 BID: 35184 OSVDB: 54939 Background The Microsoft Works File Converter allows Microsoft Office to open Microsoft Works files. Problem A buffer overflow vulnerability in the Microsoft Works File Converter allows command execution when a user opens a WPS file...

9.3CVSS6.7AI score0.3562EPSS
Exploits5
Saint
Saint
•added 2009/04/10 12:0 a.m.•64 views

Oracle WebLogic Server IIS Connector JSESSIONID buffer overflow

Added: 04/10/2009 CVE: CVE-2008-5457 BID: 33177 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A buffer overflow vulnerability in the WebLogic IIS connector allows remote attackers to execute arbitrary commands by sending a long, special...

10CVSS7.6AI score0.61309EPSS
Exploits12
Saint
Saint
•added 2008/05/08 12:0 a.m.•64 views

Adobe Photoshop Album Starter Edition BMP image header buffer overflow

Added: 05/08/2008 CVE: CVE-2008-1765 BID: 28874 OSVDB: 44579 Background Adobe Photoshop Album Starter Edition is free software for editing and sharing photos. Problem A buffer overflow vulnerability in Adobe Photoshop Album Starter Edition allows command execution when a user opens a BMP image fi...

9.3CVSS7.1AI score0.19962EPSS
Exploits6
Saint
Saint
•added 2007/04/03 12:0 a.m.•64 views

MERCUR imapd NTLMSSP

Added: 04/03/2007 CVE: CVE-2007-1578 BID: 23058 OSVDB: 33545 Background MERCUR Messaging Server is an e-mail server supporting the SMTP, POP3, and IMAP protocols for Windows platforms. Problem A buffer overflow vulnerability in MERCUR Messaging Server allows remote attackers to execute arbitrary...

10CVSS7.8AI score0.16309EPSS
Exploits5
Saint
Saint
•added 2007/02/16 12:0 a.m.•64 views

VERITAS NetBackup bpcd daemon command chaining vulnerability

Added: 02/16/2007 CVE: CVE-2006-4902 BID: 21565 OSVDB: 31334 Background VERITAS NetBackup is a backup and recovery solution for multiple platforms. Problem The NetBackup bpcd daemon fails to properly validate chained commands. A remote attacker could execute arbitrary commands by appending the...

10CVSS7.3AI score0.04235EPSS
Exploits4
Saint
Saint
•added 2007/02/07 12:0 a.m.•64 views

Internet Explorer VML integer overflow

Added: 02/07/2007 CVE: CVE-2007-0024 BID: 21930 OSVDB: 31250 Background Vector Markup Language VML is an XML-based format for vector graphics. Problem An integer overflow vulnerability in vgx.dll when processing VML elements in a web page allows arbitrary command execution. Resolution Apply the...

9.3CVSS6.8AI score0.46488EPSS
Exploits5
Saint
Saint
•added 2006/12/08 12:0 a.m.•64 views

BrightStor ARCserve Discovery service 9b command buffer overflow

Added: 12/08/2006 CVE: CVE-2006-6379 BID: 21502 OSVDB: 30775 Background The BrightStor ARCserve Backup server includes a discovery service which listens on ports 41523/TCP and 41524/UDP. Problem A buffer overflow vulnerability in the ASBRDCST.DLL library allows remote attackers to execute arbitra...

7.5CVSS7.9AI score0.2094EPSS
Exploits4
Saint
Saint
•added 2006/05/17 12:0 a.m.•64 views

FreeSSHd key exchange buffer overflow

Added: 05/17/2006 CVE: CVE-2006-2407 BID: 17958 OSVDB: 25463 Background freeSSHd is a free SSH server based on WeOnlyDo wodSSHServer. Problem wodSSHServer and its derivatives, including freeSSHd, are affected by a buffer overflow vulnerability in the key exchange algorithm. A remote attacker can...

7.5CVSS7.5AI score0.71375EPSS
Exploits11
Saint
Saint
•added 2006/05/04 12:0 a.m.•64 views

Windows Metafile rendering buffer overflow

Added: 05/04/2006 CVE: CVE-2004-0209 BID: 11375 OSVDB: 10692 Background A Windows Metafile image is a 16-bit metafile format that can contain both vector information and bitmap information. Problem A buffer overflow in the Windows Graphics Rendering Engine allows command execution when a malforme...

10CVSS6.7AI score0.62054EPSS
Exploits8
Saint
Saint
•added 2006/04/14 12:0 a.m.•64 views

VERITAS NetBackup vnetd bpspsserver buffer overflow

Added: 04/14/2006 CVE: CVE-2006-0991 BID: 17264 OSVDB: 24170 Background VERITAS NetBackup is a backup and recovery solution for multiple platforms. Problem A buffer overflow in bpspsserver allows a remote attacker to execute arbitrary commands by sending a specially crafted Request Service messag...

7.1CVSS7.8AI score0.10972EPSS
Exploits4
Saint
Saint
•added 2006/03/13 12:0 a.m.•64 views

phpRPC decode function command execution

Added: 03/13/2006 CVE: CVE-2006-1032 BID: 16833 OSVDB: 23514 Background phpRPC is an xmlrpc library written in PHP supporting most databases. Problem A vulnerability in the decode function allows a remote attacker to execute arbitrary PHP commands placed inside a tag. Resolution phpRPC is no long...

7.5CVSS7.4AI score0.03484EPSS
Exploits6
Saint
Saint
•added 2020/11/27 12:0 a.m.•63 views

Apache Struts double OGNL evaluation

Added: 11/27/2020 CVE: CVE-2019-0230 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts uses Object-Graph Navigatio...

9.8CVSS9.8AI score0.97399EPSS
Exploits15
Saint
Saint
•added 2016/08/30 12:0 a.m.•63 views

NETGEAR ReadyNAS Surveillance Command Execution

Added: 08/30/2016 CVE: CVE-2016-5674 BID: 92318 Background NETGEAR ReadyNAS Surveillance combines their storage and switching solution NETGEAR ReadyNAS Network Attached Storage system with network video recording software from NUUO to provide an affordable surveillance solution for small...

10CVSS8.4AI score0.9461EPSS
Exploits11
Saint
Saint
•added 2016/05/06 12:0 a.m.•63 views

Apache Struts Dynamic Method Invocation command execution

Added: 05/06/2016 CVE: CVE-2016-3081 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. The Dynamic Method Invocation...

9.3CVSS8.3AI score0.9373EPSS
Exploits12
Saint
Saint
•added 2013/10/23 12:0 a.m.•63 views

McAfee Web Reporter JBoss EJBInvokerServlet Marshalled Object Code Execution

Added: 10/23/2013 CVE: CVE-2013-4810 BID: 62854 OSVDB: 97153 Background McAfee Web Reporter analyzes logs from a variety of proxy sources to provide real-time views into web traffic, including extensive drill-down capabilities and powerful off-line processing. Problem McAfee Web Reporter is...

10CVSS9.9AI score0.79003EPSS
Exploits5
Saint
Saint
•added 2013/09/19 12:0 a.m.•63 views

HP LeftHand Virtual SAN Appliance hydra Ping Hostname Overflow

Added: 09/19/2013 CVE: CVE-2012-3285 BID: 57754 OSVDB: 89919 Background HP LeftHand Virtual SAN Appliance VSA software is a VMware certified SAN/storage device and virtual appliance that provides complete SAN functionality for VMware Infrastructure without external SAN hardware. Problem HP LeftHa...

10CVSS7.9AI score0.08695EPSS
Exploits4
Saint
Saint
•added 2013/04/04 12:0 a.m.•63 views

Java Runtime Environment Color Management memory overwrite

Added: 04/04/2013 CVE: CVE-2013-1493 BID: 58238 OSVDB: 90737 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...

10CVSS9.8AI score0.86151EPSS
Exploits10
Saint
Saint
•added 2013/01/14 12:0 a.m.•63 views

Java MBeanInstantiator.findClass and Recursive Reflection Sandbox Escape

Added: 01/14/2013 CVE: CVE-2013-0422 BID: 57246 OSVDB: 89059 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

10CVSS10AI score0.97612EPSS
Exploits38
Saint
Saint
•added 2012/12/27 12:0 a.m.•63 views

IBM Cognos TM1 and Express Admin Server Buffer Overflow

Added: 12/27/2012 CVE: CVE-2012-0202 BID: 52847 OSVDB: 80876 Background IBM Cognos TM1 is enterprise planning software for planning, budgeting, forecasting and analysis. IBM Cognos Express is an integrated business intelligence BI and planning solution which delivers the essential reporting,...

10CVSS7.2AI score0.5485EPSS
Exploits8
Saint
Saint
•added 2012/01/10 12:0 a.m.•63 views

Chrome Password Grabber

Added: 01/10/2012 Background This tool grabs the saved passwords in the Chrome browser of the target's logged in user. Limitations Password Hash Grabber works on Windows targets. A connection to the target is required to run this tool. The target must have the .NET runtime 2.0 or higher. Platform...

0.1AI score
Exploits0
Saint
Saint
•added 2011/11/28 12:0 a.m.•63 views

Measuresoft ScadaPro xf Command Execution

Added: 11/28/2011 CVE: CVE-2011-3490 BID: 49613 OSVDB: 75490 Background ScadaPro is Real Time Data Acquisition software for Microsoft Windows. Problem ScadaPro version 4.0.0 and prior runs a legacy network service on UDP port 11234. This service contains multiple stack overflow and remote command...

10CVSS7.2AI score0.36429EPSS
Exploits5
Saint
Saint
•added 2011/06/19 12:0 a.m.•63 views

Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption

Added: 06/19/2011 CVE: CVE-2011-2217 BID: 48099 Background Tom Sawyer Software produces a variety of data visualization, layout, and analysis tools. Problem Certain ActiveX controls in tsgetxu71ex552.dll and tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client...

9.3CVSS7.1AI score0.41956EPSS
Exploits9
Saint
Saint
•added 2011/04/17 12:0 a.m.•63 views

7-Technologies Interactive Graphical SCADA System Remote Code Execution

Added: 04/17/2011 CVE: CVE-2011-1567 BID: 46936 Background 7-Technologies Interactive Graphical SCADA System IGSS is a SCADA solution used mainly in Denmark and the US. Problem 7T IGSS server contains multiple stack overflows, a format string vulnerability, a remote command execution vulnerabilit...

10CVSS6.6AI score0.69618EPSS
Exploits10
Saint
Saint
•added 2010/10/04 12:0 a.m.•63 views

Java Runtime CMM readMabCurveData Buffer Overflow

Added: 10/04/2010 CVE: CVE-2010-0838 BID: 39069 OSVDB: 63500 Background Oracle Java SE and Java for Business are development platforms for developing and deploying Java applications. They include the Java SE Development Kit JDK and the Java Runtime Environment JRE. The JRE provides the minimum...

7.5CVSS9.7AI score0.149EPSS
Exploits9
Saint
Saint
•added 2010/06/10 12:0 a.m.•63 views

Informix Dynamic Server librpc.dll credentials length buffer overflow

Added: 06/10/2010 CVE: CVE-2009-2753 BID: 38471 OSVDB: 62783 Background Informix Dynamic Server is a database solution from IBM. It includes a portmapper service which listens for connections on port 36890/TCP and uses librpc.dll. Problem A buffer overflow vulnerability in librpc.dll allows remot...

10CVSS7.9AI score0.10923EPSS
Exploits4
Saint
Saint
•added 2009/08/12 12:0 a.m.•63 views

Windows Telnet credential reflection

Added: 08/12/2009 CVE: CVE-2009-1930 BID: 35993 OSVDB: 56904 Background Microsoft Windows operating systems come with a telnet service. This service prompts a user to provide a login name and password. Following successful authentication, the server displays a shell prompt, allowing the user to r...

10CVSS9.7AI score0.41388EPSS
Exploits5
Saint
Saint
•added 2009/03/10 12:0 a.m.•63 views

Citect SCADA ODBC Service Overflow

Added: 03/10/2009 CVE: CVE-2008-2639 BID: 29634 OSVDB: 46105 Background The CitectSCADA and CitectFacilities applications include ODBC server capabilities to provide remote SQL access to a relational database. The ODBC Server component listens on port 20222/tcp by default. Problem A buffer overfl...

7.6CVSS7.7AI score0.77717EPSS
Exploits12
Saint
Saint
•added 2009/02/27 12:0 a.m.•63 views

Adobe Reader JBIG2 image stream buffer overflow

Added: 02/27/2009 CVE: CVE-2009-0658 BID: 33751 OSVDB: 52073 Background Adobe Acrobat is software for creating PDF documents. Adobe Reader is free software for viewing PDF documents. Problem A buffer overflow vulnerability allows command execution when a user opens a PDF file containing a special...

9.3CVSS8.2AI score0.87719EPSS
Exploits7
Saint
Saint
•added 2008/11/28 12:0 a.m.•63 views

GoodTech SSH Server SFTP buffer overflow

Added: 11/28/2008 CVE: CVE-2008-4726 BID: 31879 OSVDB: 49249 Background GoodTech SSH Server is an SSH Server providing secure remote console, secure file transfer, and secure port forwarding capabilities for Windows platforms. Problem Buffer overflow vulnerabilities in GoodTech SSH Server allow...

9CVSS7.6AI score0.44252EPSS
Exploits6
Saint
Saint
•added 2007/01/17 12:0 a.m.•63 views

Microsoft PowerPoint malformed data record vulnerability

Added: 01/17/2007 CVE: CVE-2006-3876 BID: 20322 OSVDB: 29447 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem Improper handling of malformed Data records in PowerPoint files allows command execution. Resolution Apply the patch...

9.3CVSS6.3AI score0.11423EPSS
Exploits4
Saint
Saint
•added 2006/09/08 12:0 a.m.•63 views

TikiWiki file upload vulnerability (jhot.php)

Added: 09/08/2006 CVE: CVE-2006-4602 BID: 19819 OSVDB: 28456 Background TikiWiki is a multi-purpose web content management system written in PHP. Problem The jhot.php script allows remote attackers to upload arbitrary PHP commands into the img/wiki directory. The commands can then be executed by...

7.5CVSS6.8AI score0.42596EPSS
Exploits8
Saint
Saint
•added 2006/02/17 12:0 a.m.•63 views

Microsoft IIS .HTR ISAPI chunked encoding buffer overflow

Added: 02/17/2006 CVE: CVE-2002-0364 BID: 4855 OSVDB: 5316 Background Microsoft IIS web servers include ISAPI extensions which are invoked in the server process to handle requests of a given type. Problem A heap overflow in IIS 4.0 and 5.0 when processing chunked encoding transfers of HTR request...

7.5CVSS6.8AI score0.23901EPSS
Exploits4
Saint
Saint
•added 2006/02/01 12:0 a.m.•63 views

Citrix Program Neighborhood name buffer overflow

Added: 02/01/2006 CVE: CVE-2005-3652 BID: 15907 OSVDB: 21816 Background Citrix Presentation Server, formerly Citrix MetaFrame, allows applications to be deployed across a network to various client platforms, including Windows, Unix, Macintosh, DOS, and OS/2. The Program Neighborhood Agent running...

7.5CVSS6.8AI score0.15967EPSS
Exploits4
Saint
Saint
•added 2021/09/20 12:0 a.m.•62 views

Atlassian Confluence Server OGNL Remote Code Execution

Added: 09/20/2021 Background Atlassian Confluence is a collaboration and knowledge management application. Problem Atlassian Confluence has an OGNL injection vulnerability that would allow an unauthenticated user to execute arbitrary code on a Confluence Server. Resolution Upgrade to Confluence...

8.6AI score
Exploits0
Saint
Saint
•added 2020/01/13 12:0 a.m.•62 views

Citrix ADC and Gateway directory traversal and XML file upload

Added: 01/13/2020 Background Citrix ADC formerly NetScaler ADC is an application delivery and load balancing platform. Citrix Gateway formerly NetScaler Unified Gateway is a secure workspace access and single sign-on solution. Problem A directory traversal vulnerability allows remote attackers to...

8.4AI score
Exploits0
Saint
Saint
•added 2016/11/11 12:0 a.m.•62 views

Ruby on Rails Dynamic Render code execution

Added: 11/11/2016 CVE: CVE-2016-0752 BID: 81801 Background Ruby on Rails is a web application framework written in Ruby. Problem A vulnerability in Ruby on Rails allows arbitrary code to be uploaded and executed on the server if the application endpoint users dynamic render paths. Resolution...

5CVSS6.7AI score0.95537EPSS
Exploits11
Total number of security vulnerabilities4305