4305 matches found
Solaris SunSSH libpam buffer overflow
Added: 01/08/2021 Background SunSSH is a fork of OpenSSH for Solaris. It provides remote login capability on Solaris platforms. Problem A buffer overflow vulnerability in libpam could allow a remote attacker to execute arbitrary commands by sending a specially crafted authentication request to...
ASUSWRT vpnupload.cgi authentication bypass
Added: 02/28/2018 CVE: CVE-2018-5999 Background ASUSWRT is the firmware used in many ASUS devices. Problem The combination of two separate vulnerabilities in ASUSWRT allows remote attackers to execute arbitrary commands. The first vulnerability allows an unauthenticated user to make certain POST...
PHPMailer Command Injection in WordPress Core via Exim
Added: 05/17/2017 BID: 95108 Background Wordpress is a free and open-source content management system CMS based on PHP and MySQL. WordPress uses PHPMailer, which is a PHP class used for sending email from PHP. PHPMailer provides an interface to the system's mail transfer agent MTA, such as...
Java Runtime Environment java.awt.image.IntegerComponentRaster buffer overflow
Added: 09/04/2013 CVE: CVE-2013-2471 BID: 60659 OSVDB: 94357 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...
HP Data Protector opcode 259 buffer overflow
Added: 07/09/2013 CVE: CVE-2013-2329 BID: 60304 OSVDB: 93863 Background HP Data Protector is an automated data backup solution. Problem A buffer overflow vulnerability when handling requests with opcode 259 allows remote attackers to execute arbitrary commands. Resolution Apply a patch referenced...
Honeywell HscRemoteDeploy.dll ActiveX Control vulnerability
Added: 04/19/2013 CVE: CVE-2013-0108 BID: 58134 OSVDB: 90583 Background Honeywell offers software solutions which integrate different systems and devices such as HVAC, security, safety, lighting, and energy into a common platform. Problem A vulnerability in multiple Honeywell products allows...
Java MBeanInstantiator findClass and Introspector Sandbox Escape
Added: 03/04/2013 CVE: CVE-2013-0431 BID: 57726 OSVDB: 89613 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...
MySQL FILE privilege elevation
Added: 12/21/2012 CVE: CVE-2012-5613 BID: 56771 OSVDB: 88118 Background MySQL is an open-source database software package available for multiple platforms. Problem A database user who has FILE permission can write arbitrary files to the file system, leading to privilege elevation. Resolution Revo...
CA ARCserve Backup Authentication service invalid virtual function call
Added: 11/09/2012 CVE: CVE-2012-2971 BID: 56116 OSVDB: 86416 Background CA ARCserve Backup formerly BrightStor ARCserve Backup is a backup and recovery solution. Problem An invalid virtual function call in the authentication service allows remote attackers to execute arbitrary commands. Resolutio...
Smart Software Solutions CoDeSys Webserver URI Copying Stack Buffer Overflow
Added: 12/16/2011 CVE: CVE-2011-5007 BID: 50849 OSVDB: 77387 Background Smart Software Solutions GmbH 3S manufactures CoDeSys Web Server, a Supervisory Control and Data Acquisition/Human-Machine Interface SCADA/HMI product. The SCADA Web Server listens on TCP port 8080. Problem The CmpWebServer.d...
EMC Autostart ftAgent Overflow
Added: 09/19/2011 CVE: CVE-2011-2735 BID: 49238 OSVDB: 74597 Background EMC AutoStart is a cross-platform high-availability clustering solution. Problem The Agent Service of EMC AutoStart listens on TCP port 8045 and is vulnerable to a heap overflow when parsing malformed messages with opcode 0x1...
Adobe Flash Player callMethod Bytecode Memory Corruption
Added: 04/21/2011 CVE: CVE-2011-0611 BID: 47314 OSVDB: 71686 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem A memory corruption vulnerability allows command execution when the browser loads a specially crafted Small Web Forma...
Microsoft Office Web Components DataSourceControl ActiveX Control memory allocation
Added: 08/27/2009 CVE: CVE-2009-0562 BID: 35990 OSVDB: 56914 Background Microsoft Office Web Components OWC are a group of OLE classes implemented as ActiveX controls. Problem A heap memory corruption vulnerability in the OWC10.DataSourceControl ActiveX control allows command execution when a use...
Microsoft DirectShow Video Streaming ActiveX IMPEG2TuneRequest Overflow
Added: 07/07/2009 CVE: CVE-2008-0015 BID: 35558 OSVDB: 55651 Background DirectX is a feature of the Windows operating system used for streaming media. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation and rendering. Problem A stack buffer overfl...
Microsoft Works File Converter FontName buffer overflow
Added: 06/15/2009 CVE: CVE-2009-1533 BID: 35184 OSVDB: 54939 Background The Microsoft Works File Converter allows Microsoft Office to open Microsoft Works files. Problem A buffer overflow vulnerability in the Microsoft Works File Converter allows command execution when a user opens a WPS file...
Oracle WebLogic Server IIS Connector JSESSIONID buffer overflow
Added: 04/10/2009 CVE: CVE-2008-5457 BID: 33177 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A buffer overflow vulnerability in the WebLogic IIS connector allows remote attackers to execute arbitrary commands by sending a long, special...
Adobe Photoshop Album Starter Edition BMP image header buffer overflow
Added: 05/08/2008 CVE: CVE-2008-1765 BID: 28874 OSVDB: 44579 Background Adobe Photoshop Album Starter Edition is free software for editing and sharing photos. Problem A buffer overflow vulnerability in Adobe Photoshop Album Starter Edition allows command execution when a user opens a BMP image fi...
MERCUR imapd NTLMSSP
Added: 04/03/2007 CVE: CVE-2007-1578 BID: 23058 OSVDB: 33545 Background MERCUR Messaging Server is an e-mail server supporting the SMTP, POP3, and IMAP protocols for Windows platforms. Problem A buffer overflow vulnerability in MERCUR Messaging Server allows remote attackers to execute arbitrary...
VERITAS NetBackup bpcd daemon command chaining vulnerability
Added: 02/16/2007 CVE: CVE-2006-4902 BID: 21565 OSVDB: 31334 Background VERITAS NetBackup is a backup and recovery solution for multiple platforms. Problem The NetBackup bpcd daemon fails to properly validate chained commands. A remote attacker could execute arbitrary commands by appending the...
Internet Explorer VML integer overflow
Added: 02/07/2007 CVE: CVE-2007-0024 BID: 21930 OSVDB: 31250 Background Vector Markup Language VML is an XML-based format for vector graphics. Problem An integer overflow vulnerability in vgx.dll when processing VML elements in a web page allows arbitrary command execution. Resolution Apply the...
BrightStor ARCserve Discovery service 9b command buffer overflow
Added: 12/08/2006 CVE: CVE-2006-6379 BID: 21502 OSVDB: 30775 Background The BrightStor ARCserve Backup server includes a discovery service which listens on ports 41523/TCP and 41524/UDP. Problem A buffer overflow vulnerability in the ASBRDCST.DLL library allows remote attackers to execute arbitra...
FreeSSHd key exchange buffer overflow
Added: 05/17/2006 CVE: CVE-2006-2407 BID: 17958 OSVDB: 25463 Background freeSSHd is a free SSH server based on WeOnlyDo wodSSHServer. Problem wodSSHServer and its derivatives, including freeSSHd, are affected by a buffer overflow vulnerability in the key exchange algorithm. A remote attacker can...
Windows Metafile rendering buffer overflow
Added: 05/04/2006 CVE: CVE-2004-0209 BID: 11375 OSVDB: 10692 Background A Windows Metafile image is a 16-bit metafile format that can contain both vector information and bitmap information. Problem A buffer overflow in the Windows Graphics Rendering Engine allows command execution when a malforme...
VERITAS NetBackup vnetd bpspsserver buffer overflow
Added: 04/14/2006 CVE: CVE-2006-0991 BID: 17264 OSVDB: 24170 Background VERITAS NetBackup is a backup and recovery solution for multiple platforms. Problem A buffer overflow in bpspsserver allows a remote attacker to execute arbitrary commands by sending a specially crafted Request Service messag...
phpRPC decode function command execution
Added: 03/13/2006 CVE: CVE-2006-1032 BID: 16833 OSVDB: 23514 Background phpRPC is an xmlrpc library written in PHP supporting most databases. Problem A vulnerability in the decode function allows a remote attacker to execute arbitrary PHP commands placed inside a tag. Resolution phpRPC is no long...
Apache Struts double OGNL evaluation
Added: 11/27/2020 CVE: CVE-2019-0230 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts uses Object-Graph Navigatio...
NETGEAR ReadyNAS Surveillance Command Execution
Added: 08/30/2016 CVE: CVE-2016-5674 BID: 92318 Background NETGEAR ReadyNAS Surveillance combines their storage and switching solution NETGEAR ReadyNAS Network Attached Storage system with network video recording software from NUUO to provide an affordable surveillance solution for small...
Apache Struts Dynamic Method Invocation command execution
Added: 05/06/2016 CVE: CVE-2016-3081 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. The Dynamic Method Invocation...
McAfee Web Reporter JBoss EJBInvokerServlet Marshalled Object Code Execution
Added: 10/23/2013 CVE: CVE-2013-4810 BID: 62854 OSVDB: 97153 Background McAfee Web Reporter analyzes logs from a variety of proxy sources to provide real-time views into web traffic, including extensive drill-down capabilities and powerful off-line processing. Problem McAfee Web Reporter is...
HP LeftHand Virtual SAN Appliance hydra Ping Hostname Overflow
Added: 09/19/2013 CVE: CVE-2012-3285 BID: 57754 OSVDB: 89919 Background HP LeftHand Virtual SAN Appliance VSA software is a VMware certified SAN/storage device and virtual appliance that provides complete SAN functionality for VMware Infrastructure without external SAN hardware. Problem HP LeftHa...
Java Runtime Environment Color Management memory overwrite
Added: 04/04/2013 CVE: CVE-2013-1493 BID: 58238 OSVDB: 90737 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...
Java MBeanInstantiator.findClass and Recursive Reflection Sandbox Escape
Added: 01/14/2013 CVE: CVE-2013-0422 BID: 57246 OSVDB: 89059 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...
IBM Cognos TM1 and Express Admin Server Buffer Overflow
Added: 12/27/2012 CVE: CVE-2012-0202 BID: 52847 OSVDB: 80876 Background IBM Cognos TM1 is enterprise planning software for planning, budgeting, forecasting and analysis. IBM Cognos Express is an integrated business intelligence BI and planning solution which delivers the essential reporting,...
Chrome Password Grabber
Added: 01/10/2012 Background This tool grabs the saved passwords in the Chrome browser of the target's logged in user. Limitations Password Hash Grabber works on Windows targets. A connection to the target is required to run this tool. The target must have the .NET runtime 2.0 or higher. Platform...
Measuresoft ScadaPro xf Command Execution
Added: 11/28/2011 CVE: CVE-2011-3490 BID: 49613 OSVDB: 75490 Background ScadaPro is Real Time Data Acquisition software for Microsoft Windows. Problem ScadaPro version 4.0.0 and prior runs a legacy network service on UDP port 11234. This service contains multiple stack overflow and remote command...
Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption
Added: 06/19/2011 CVE: CVE-2011-2217 BID: 48099 Background Tom Sawyer Software produces a variety of data visualization, layout, and analysis tools. Problem Certain ActiveX controls in tsgetxu71ex552.dll and tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client...
7-Technologies Interactive Graphical SCADA System Remote Code Execution
Added: 04/17/2011 CVE: CVE-2011-1567 BID: 46936 Background 7-Technologies Interactive Graphical SCADA System IGSS is a SCADA solution used mainly in Denmark and the US. Problem 7T IGSS server contains multiple stack overflows, a format string vulnerability, a remote command execution vulnerabilit...
Java Runtime CMM readMabCurveData Buffer Overflow
Added: 10/04/2010 CVE: CVE-2010-0838 BID: 39069 OSVDB: 63500 Background Oracle Java SE and Java for Business are development platforms for developing and deploying Java applications. They include the Java SE Development Kit JDK and the Java Runtime Environment JRE. The JRE provides the minimum...
Informix Dynamic Server librpc.dll credentials length buffer overflow
Added: 06/10/2010 CVE: CVE-2009-2753 BID: 38471 OSVDB: 62783 Background Informix Dynamic Server is a database solution from IBM. It includes a portmapper service which listens for connections on port 36890/TCP and uses librpc.dll. Problem A buffer overflow vulnerability in librpc.dll allows remot...
Windows Telnet credential reflection
Added: 08/12/2009 CVE: CVE-2009-1930 BID: 35993 OSVDB: 56904 Background Microsoft Windows operating systems come with a telnet service. This service prompts a user to provide a login name and password. Following successful authentication, the server displays a shell prompt, allowing the user to r...
Citect SCADA ODBC Service Overflow
Added: 03/10/2009 CVE: CVE-2008-2639 BID: 29634 OSVDB: 46105 Background The CitectSCADA and CitectFacilities applications include ODBC server capabilities to provide remote SQL access to a relational database. The ODBC Server component listens on port 20222/tcp by default. Problem A buffer overfl...
Adobe Reader JBIG2 image stream buffer overflow
Added: 02/27/2009 CVE: CVE-2009-0658 BID: 33751 OSVDB: 52073 Background Adobe Acrobat is software for creating PDF documents. Adobe Reader is free software for viewing PDF documents. Problem A buffer overflow vulnerability allows command execution when a user opens a PDF file containing a special...
GoodTech SSH Server SFTP buffer overflow
Added: 11/28/2008 CVE: CVE-2008-4726 BID: 31879 OSVDB: 49249 Background GoodTech SSH Server is an SSH Server providing secure remote console, secure file transfer, and secure port forwarding capabilities for Windows platforms. Problem Buffer overflow vulnerabilities in GoodTech SSH Server allow...
Microsoft PowerPoint malformed data record vulnerability
Added: 01/17/2007 CVE: CVE-2006-3876 BID: 20322 OSVDB: 29447 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem Improper handling of malformed Data records in PowerPoint files allows command execution. Resolution Apply the patch...
TikiWiki file upload vulnerability (jhot.php)
Added: 09/08/2006 CVE: CVE-2006-4602 BID: 19819 OSVDB: 28456 Background TikiWiki is a multi-purpose web content management system written in PHP. Problem The jhot.php script allows remote attackers to upload arbitrary PHP commands into the img/wiki directory. The commands can then be executed by...
Microsoft IIS .HTR ISAPI chunked encoding buffer overflow
Added: 02/17/2006 CVE: CVE-2002-0364 BID: 4855 OSVDB: 5316 Background Microsoft IIS web servers include ISAPI extensions which are invoked in the server process to handle requests of a given type. Problem A heap overflow in IIS 4.0 and 5.0 when processing chunked encoding transfers of HTR request...
Citrix Program Neighborhood name buffer overflow
Added: 02/01/2006 CVE: CVE-2005-3652 BID: 15907 OSVDB: 21816 Background Citrix Presentation Server, formerly Citrix MetaFrame, allows applications to be deployed across a network to various client platforms, including Windows, Unix, Macintosh, DOS, and OS/2. The Program Neighborhood Agent running...
Atlassian Confluence Server OGNL Remote Code Execution
Added: 09/20/2021 Background Atlassian Confluence is a collaboration and knowledge management application. Problem Atlassian Confluence has an OGNL injection vulnerability that would allow an unauthenticated user to execute arbitrary code on a Confluence Server. Resolution Upgrade to Confluence...
Citrix ADC and Gateway directory traversal and XML file upload
Added: 01/13/2020 Background Citrix ADC formerly NetScaler ADC is an application delivery and load balancing platform. Citrix Gateway formerly NetScaler Unified Gateway is a secure workspace access and single sign-on solution. Problem A directory traversal vulnerability allows remote attackers to...
Ruby on Rails Dynamic Render code execution
Added: 11/11/2016 CVE: CVE-2016-0752 BID: 81801 Background Ruby on Rails is a web application framework written in Ruby. Problem A vulnerability in Ruby on Rails allows arbitrary code to be uploaded and executed on the server if the application endpoint users dynamic render paths. Resolution...