Lucene search
K
SaintMost viewed

4305 matches found

Saint
Saint
•added 2009/02/25 12:0 a.m.•60 views

Oracle 9i Release 2 XDB HTTP Pass Overflow

Added: 02/25/2009 CVE: CVE-2003-0727 BID: 8375 OSVDB: 2449 Background Oracle 9i release 2 includes the XDB HTTP service which by default listens on port 8080. Problem A buffer overflow vulnerability in the parsing of credentials passed to the server allows remote attackers to execute arbitrary...

2.1CVSS7.6AI score0.68395EPSS
Exploits26
Saint
Saint
•added 2008/12/19 12:0 a.m.•60 views

Visual FoxPro vfp6r.dll ActiveX Control DoCmd command execution

Added: 12/19/2008 CVE: CVE-2008-0236 BID: 27205 OSVDB: 40380 Background Visual FoxPro is a tool for developing database applications. Problem The vfp6r.dll ActiveX control allows command execution when a user opens a web page which uses the DoCmd method. Resolution Set the kill bit for class ID...

5.8CVSS6.4AI score0.17384EPSS
Exploits5
Saint
Saint
•added 2008/06/06 12:0 a.m.•60 views

Lotus Notes Applix Graphics viewer BEGIN tag buffer overflow

Added: 06/06/2008 CVE: CVE-2007-5405 BID: 28454 OSVDB: 44194 Background Lotus Notes is the client for Lotus Domino servers. Lotus Notes uses the Autonomy KeyView library to display Applix Graphics .ag attachments. Problem A buffer overflow vulnerability when parsing the initial BEGIN tag in an...

9.3CVSS6.7AI score0.05741EPSS
Exploits4
Saint
Saint
•added 2008/04/09 12:0 a.m.•60 views

Windows GDI EMF filename buffer overflow

Added: 04/09/2008 CVE: CVE-2008-1087 BID: 28570 OSVDB: 44215 Background The Windows Graphics Device Interface GDI interacts with graphics device drivers on behalf of applications. Problem A buffer overflow in Windows GDI allows command execution when a user opens a specially crafted EMF file...

9.3CVSS6.8AI score0.56603EPSS
Exploits5
Saint
Saint
•added 2007/12/07 12:0 a.m.•60 views

MacroVision InstallShield Update Service isusweb.dll unsafe method

Added: 12/07/2007 CVE: CVE-2007-5660 BID: 26280 OSVDB: 38347 Background MacroVision InstallShield is software for creating installers or software packages. Problem Several unsafe methods in the Update Service ActiveX control allow command execution when a user loads a specially crafted web page...

9.3CVSS6.5AI score0.36619EPSS
Exploits12
Saint
Saint
•added 2006/11/17 12:0 a.m.•60 views

Microsoft XMLHTTP ActiveX control setRequestHeader vulnerability

Added: 11/17/2006 CVE: CVE-2006-5745 BID: 20915 OSVDB: 30208 Background Microsoft XML Core Services includes the XMLHTTP ActiveX control, which allows web pages to send and receive XML data. Problem A memory corruption vulnerability in the XMLHTTP ActiveX control allows command execution when a...

7.6CVSS6.5AI score0.75946EPSS
Exploits7
Saint
Saint
•added 2006/01/09 12:0 a.m.•60 views

sadmind AUTH_SYS authentication vulnerability

Added: 01/09/2006 CVE: CVE-2003-0722 BID: 8615 OSVDB: 4585 Background sadmind is a service which coordinates distributed system administration operations remotely. The Sun Solstice AdminSuite runs sadmind with the AUTHSYS authentication method by default. Problem The sadmind running with the...

10CVSS7.4AI score0.85678EPSS
Exploits9
Saint
Saint
•added 2005/11/29 12:0 a.m.•60 views

MailEnable IMAP mailbox name buffer overflow

Added: 11/29/2005 CVE: CVE-2005-3690 BID: 15492 OSVDB: 20929 Background MailEnable is a mail server for Windows platforms. The standard edition supports the SMTP and POP3 protocols. MailEnable Professional and MailEnable Enterprise also support IMAP and HTTPMail. Problem A buffer overflow in the...

7.5CVSS7.5AI score0.05174EPSS
Exploits4
Saint
Saint
•added 2005/11/28 12:0 a.m.•60 views

IIS Double Decoding Directory Traversal

Added: 11/28/2005 CVE: CVE-2001-0333 BID: 2708 OSVDB: 556 Background Microsoft IIS is a web server for Windows platforms. Problem Microsoft IIS 4.0 and 5.0 allow path validation checks to be bypassed by URL-encoding invalid characters twice. Thus, a backslash is first represented as %5c, and then...

7.5CVSS6.7AI score0.9077EPSS
Exploits8
Saint
Saint
•added 2019/11/25 12:0 a.m.•59 views

Cisco Prime Infrastructure Health Monitor tar file directory traversal

Added: 11/25/2019 CVE: CVE-2019-1821 BID: 108339 Background Cisco Prime Infrastructure is a management system of wireless and wired networks. Problem A vulnerability in Cisco Prime Infrastructure Health Monitor allows a remote attacker to execute arbitrary commands by uploading a specially crafte...

10CVSS8.7AI score0.98092EPSS
Exploits12
Saint
Saint
•added 2019/02/27 12:0 a.m.•59 views

Drupal REST module command execution

Added: 02/27/2019 CVE: CVE-2019-6340 BID: 107106 Background Drupal is an open-source content management system written in PHP. Problem The Drupal REST module does not properly sanitize input from non-form sources, allowing an attacker to execute arbitrary code. Resolution Upgrade to Drupal 8.5.11...

8.1CVSS8.5AI score0.92017EPSS
Exploits22
Saint
Saint
•added 2016/11/11 12:0 a.m.•59 views

Ruby on Rails Dynamic Render code execution

Added: 11/11/2016 CVE: CVE-2016-0752 BID: 81801 Background Ruby on Rails is a web application framework written in Ruby. Problem A vulnerability in Ruby on Rails allows arbitrary code to be uploaded and executed on the server if the application endpoint users dynamic render paths. Resolution...

7.5CVSS6.8AI score0.95537EPSS
Exploits11
Saint
Saint
•added 2015/02/25 12:0 a.m.•59 views

Radia Client Automation radexecd.exe command injection

Added: 02/25/2015 CVE: CVE-2015-1497 BID: 72612 OSVDB: 118382 Background Radia Client Automation is an endpoint management solution. Problem The radexecd.exe daemon does not properly authenticate or sanitize user requests, allowing remote attackers to execute arbitrary commands. Resolution Use th...

10CVSS9.7AI score0.75116EPSS
Exploits16
Saint
Saint
•added 2015/02/25 12:0 a.m.•59 views

Radia Client Automation radexecd.exe command injection

Added: 02/25/2015 CVE: CVE-2015-1497 BID: 72612 OSVDB: 118382 Background Radia Client Automation is an endpoint management solution. Problem The radexecd.exe daemon does not properly authenticate or sanitize user requests, allowing remote attackers to execute arbitrary commands. Resolution Use th...

10CVSS7.1AI score0.75116EPSS
Exploits16
Saint
Saint
•added 2013/07/11 12:0 a.m.•59 views

Oracle Java Serviceability Subcomponent ProviderSkeleton Class Vulnerability

Added: 07/11/2013 CVE: CVE-2013-2460 BID: 60635 OSVDB: 94346 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

9.3CVSS9.6AI score0.70248EPSS
Exploits9
Saint
Saint
•added 2012/11/26 12:0 a.m.•59 views

Webmin show.cgi Open Function Call Command Execution

Added: 11/26/2012 CVE: CVE-2012-2982 BID: 55446 OSVDB: 85248 Background Webmin is a web-based interface for system administration of Unix systems. The Webmin web server listens by default on port 10000/tcp. Problem Webmin 1.59 and earlier are vulnerable to remote code execution as a result of...

6.5CVSS7.2AI score0.61925EPSS
Exploits10
Saint
Saint
•added 2012/02/28 12:0 a.m.•59 views

Java Runtime Environment MixerSequence Function Pointer Control

Added: 02/28/2012 CVE: CVE-2010-0842 BID: 39077 OSVDB: 63493 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...

7.5CVSS8.9AI score0.77721EPSS
Exploits9
Saint
Saint
•added 2012/01/13 12:0 a.m.•59 views

Splunk Search Jobs Remote Code Execution

Added: 01/13/2012 CVE: CVE-2011-4642 BID: 51061 OSVDB: 77695 Background Splunk collects, indexes and harnesses the massive volumes of valuable machine data generated by your complex IT infrastructure, whether physical, virtual or in the cloud. Problem Splunk allows users to perform search actions...

4.6CVSS6.9AI score0.28928EPSS
Exploits7
Saint
Saint
•added 2011/05/27 12:0 a.m.•59 views

Novell ZENworks Asset Management File Upload Traversal

Added: 05/27/2011 CVE: CVE-2010-4229 BID: 47295 OSVDB: 71872 Background Novell ZENworks is a resource management solution consisting of a management server and management agents. Problem The Asset Management module ZAM of ZENworks version 10.3 prior to 10.3.2 and version 11 fail to validate the...

10CVSS6.5AI score0.25428EPSS
Exploits5
Saint
Saint
•added 2011/05/05 12:0 a.m.•59 views

Oracle Java Applet2ClassLoader Vulnerability

Added: 05/05/2011 CVE: CVE-2010-4452 BID: 46388 OSVDB: 71193 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

10CVSS9.6AI score0.8316EPSS
Exploits11
Saint
Saint
•added 2011/01/14 12:0 a.m.•59 views

Windows Thumbnail View CreateSizedDIBSECTION buffer overflow

Added: 01/14/2011 CVE: CVE-2010-3970 BID: 45662 OSVDB: 70263 Background The shimgvw.dll library is part of the Microsoft Graphics Rendering Engine. Problem A vulnerability in shimgvw.dll allows command execution when Windows renders a thumbnail image which passes a specially crafted biClrUsed...

9.3CVSS6.3AI score0.67687EPSS
Exploits10
Saint
Saint
•added 2010/08/05 12:0 a.m.•59 views

Apache Struts2 XWork ParameterInterceptor security bypass

Added: 08/05/2010 CVE: CVE-2010-1870 BID: 41592 OSVDB: 66280 Background Apache Struts is a Java web application framework. Apache Struts version 2 is based on WebWork 2. WebWork 2 uses XWork to invoke actions based on HTTP parameter names. The ParameterInterceptor component of XWork runs the...

5CVSS9.9AI score0.91079EPSS
Exploits22
Saint
Saint
•added 2010/07/22 12:0 a.m.•59 views

Microsoft Office Excel Malformed Obj Record Stack Buffer Overflow

Added: 07/22/2010 CVE: CVE-2010-0822 BID: 40520 OSVDB: 65236 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem Microsoft Excel is vulnerable to a buffer overflow when processing malformed OBJ recType...

9.3CVSS7.4AI score0.70121EPSS
Exploits21
Saint
Saint
•added 2010/02/16 12:0 a.m.•59 views

Eureka Email POP3 Error Stack Buffer Overflow

Added: 02/16/2010 CVE: CVE-2009-3837 OSVDB: 59262 Background Eureka Email is an e-mail client with built-in junk e-mail filtering. Problem A malicious POP3 mail server can send a long error message to the Eureka Email client, causing a stack buffer overflow. Resolution Upgrade when a fix becomes...

9.3CVSS6.5AI score0.32071EPSS
Exploits8
Saint
Saint
•added 2009/11/27 12:0 a.m.•59 views

Java Runtime Environment AWT setDiffICM buffer overflow

Added: 11/27/2009 CVE: CVE-2009-3869 BID: 36881 OSVDB: 59710 Background Java Runtime Environment JRE allows end users to run Java applications. Problem A buffer overflow vulnerability in the setDiffICM function of the Abstract Window Toolkit AWT allows command execution when a user loads a...

9.3CVSS9.9AI score0.65461EPSS
Exploits9
Saint
Saint
•added 2009/06/15 12:0 a.m.•59 views

Microsoft Works File Converter FontName buffer overflow

Added: 06/15/2009 CVE: CVE-2009-1533 BID: 35184 OSVDB: 54939 Background The Microsoft Works File Converter allows Microsoft Office to open Microsoft Works files. Problem A buffer overflow vulnerability in the Microsoft Works File Converter allows command execution when a user opens a WPS file...

9.3CVSS6.7AI score0.3562EPSS
Exploits5
Saint
Saint
•added 2008/08/27 12:0 a.m.•59 views

FlashGet FTP PWD buffer overflow

Added: 08/27/2008 CVE: CVE-2008-4321 BID: 30685 OSVDB: 47457 Background FlashGet is an FTP client formerly known as JetCar. Problem A buffer overflow in FlashGet allows command execution when a user connects to an FTP server which sends a specially crafted PWD response. Resolution Use a different...

9.3CVSS7AI score0.05737EPSS
Exploits5
Saint
Saint
•added 2008/05/30 12:0 a.m.•59 views

CA ARCserve Backup caloggerd opcode 79 buffer overflow

Added: 05/30/2008 CVE: CVE-2008-2242 BID: 29283 OSVDB: 45368 Background CA ARCserve Backup formerly BrightStor ARCserve Backup is a backup and recovery solution. The logger daemon caloggerd is an RPC service which handles event logs. Problem A buffer overflow vulnerability in caloggerd allows...

7.5CVSS7.7AI score0.14716EPSS
Exploits9
Saint
Saint
•added 2008/04/09 12:0 a.m.•59 views

Windows GDI EMF filename buffer overflow

Added: 04/09/2008 CVE: CVE-2008-1087 BID: 28570 OSVDB: 44215 Background The Windows Graphics Device Interface GDI interacts with graphics device drivers on behalf of applications. Problem A buffer overflow in Windows GDI allows command execution when a user opens a specially crafted EMF file...

9.3CVSS8.3AI score0.56603EPSS
Exploits5
Saint
Saint
•added 2008/02/22 12:0 a.m.•59 views

Microsoft Works File Converter index table vulnerability

Added: 02/22/2008 CVE: CVE-2008-0105 BID: 27658 OSVDB: 41458 Background The Microsoft Works File Converter allows Microsoft Office to open Microsoft Works files. Problem A buffer overflow vulnerability in the Microsoft Works File Converter allows arbitrary command execution when a user opens a .w...

9.3CVSS6.9AI score0.43757EPSS
Exploits5
Saint
Saint
•added 2008/02/01 12:0 a.m.•59 views

Oracle XDB component PITRIG_TRUNCATE buffer overflow

Added: 02/01/2008 CVE: CVE-2008-0339 BID: 27229 OSVDB: 40300 Background The PITRIGTRUNCATE function is included in the XDB.XDBPITRIGPKG package which is included with Oracle Database. Problem A buffer overflow vulnerability in the PITRIGTRUNCATE function allows remote, authenticated attackers to...

10CVSS7.5AI score0.1453EPSS
Exploits4
Saint
Saint
•added 2008/01/15 12:0 a.m.•59 views

Novell GroupWise Client IMG SRC buffer overflow

Added: 01/15/2008 CVE: CVE-2007-6435 BID: 26875 OSVDB: 40870 Background Novell GroupWise is an e-mail and collaboration product suite. Problem A buffer overflow vulnerability in the GroupWise client allows command execution when a user replies to or forwards a message containing an IMG tag with a...

9.3CVSS6.8AI score0.06588EPSS
Exploits5
Saint
Saint
•added 2007/08/17 12:0 a.m.•59 views

Internet Explorer tblinf32.dll ActiveX IObjectsafety vulnerability

Added: 08/17/2007 CVE: CVE-2007-2216 BID: 25289 OSVDB: 36396 Background The IObjectsafety interface provides methods to get and set safety options for objects which support untrusted clients. Problem The tblinf32.dll ActiveX control implements IObjectsafety incorrectly, allowing execution of code...

9.3CVSS6.8AI score0.41388EPSS
Exploits5
Saint
Saint
•added 2006/12/08 12:0 a.m.•59 views

BrightStor ARCserve Discovery service 9b command buffer overflow

Added: 12/08/2006 CVE: CVE-2006-6379 BID: 21502 OSVDB: 30775 Background The BrightStor ARCserve Backup server includes a discovery service which listens on ports 41523/TCP and 41524/UDP. Problem A buffer overflow vulnerability in the ASBRDCST.DLL library allows remote attackers to execute arbitra...

7.5CVSS7.9AI score0.2094EPSS
Exploits4
Saint
Saint
•added 2006/06/30 12:0 a.m.•59 views

Windows RRAS memory corruption vulnerability

Added: 06/30/2006 CVE: CVE-2006-2370 BID: 18325 OSVDB: 26437 Background The Routing and Remote Access Service RRAS allows a Windows computer to act as a router, dial-up access server, VPN server, or network address translator. Problem A buffer overflow in RRAS allows remote attackers to execute...

7.5CVSS9.9AI score0.72969EPSS
Exploits18
Saint
Saint
•added 2006/03/03 12:0 a.m.•59 views

Windows Plug and Play buffer overflow

Added: 03/03/2006 CVE: CVE-2005-1983 BID: 14513 OSVDB: 18605 Background The Windows Plug and Play service allows Windows operating systems to automatically detect and configure a new hardware device, such as a mouse. Problem A buffer overflow in the Plug and Play service could allow command...

10CVSS6.9AI score0.93405EPSS
Exploits9
Saint
Saint
•added 2019/06/06 12:0 a.m.•58 views

Zimbra Collaboration Suite ProxyServlet Server Side Request Forgery

Added: 06/06/2019 CVE: CVE-2019-9621 Background Zimbra Collaboration Suite is an email, calendar, and collaboration solution for enterprises. Problem The ProxyServlet component allows a remote attacker to upload arbitrary files, which can then be executed, using XML External Entity injection and...

7.5CVSS8AI score0.80906EPSS
Exploits10
Saint
Saint
•added 2015/09/15 12:0 a.m.•58 views

Windows Media Center command execution

Added: 09/15/2015 CVE: CVE-2015-2509 Background Windows Media Center is software for watching DVDs and TV channels on Windows systems. Problem A vulnerability in Windows Media Center could allow command execution when a user opens an .mcl file which references an executable file supplied by an...

9.3CVSS8.3AI score0.71044EPSS
Exploits12
Saint
Saint
•added 2014/06/24 12:0 a.m.•58 views

Adobe Pixel Shader

Added: 06/24/2014 CVE: CVE-2014-0515 BID: 67092 OSVDB: 106347 Background The Adobe Flash plugin provides flash content rendering for web browsers. Problem A buffer overflow exists due to an error in processing SWF files. The vulnerable function exists in the the DisplayShader class and can be...

10CVSS9AI score0.94569EPSS
Exploits9
Saint
Saint
•added 2014/05/13 12:0 a.m.•58 views

Linux kernel __sock_diag_rcv_msg Netlink message privilege elevation

Added: 05/13/2014 CVE: CVE-2013-1763 BID: 58137 OSVDB: 90604 Background Netlink is a feature of the Linux kernel which allows communication between kernel and user space. Problem An array index error in the sockdiagrcvmsg function in the Linux kernel allows local users to gain root privileges by...

7.2CVSS7.6AI score0.0418EPSS
Exploits12
Saint
Saint
•added 2013/12/09 12:0 a.m.•58 views

ABB MicroSCADA wserver.exe command execution

Added: 12/09/2013 BID: 63901 OSVDB: 100324 Background MicroSCADA Pro is a substation automation product from ABB. Problem A vulnerability in the wserver.exe process allows remote attackers to execute arbitrary commands by sending an EXECUTE request to port 12221/TCP. Resolution Disable wserver.ex...

1.5AI score
Exploits0
Saint
Saint
•added 2013/11/25 12:0 a.m.•58 views

PineApp Mail-SeCure confnetworking.html nsserver command execution

Added: 11/25/2013 CVE: CVE-2013-6830 BID: 63817 OSVDB: 100029 Background PineApp Mail-SeCure is an e-mail security appliance which provides perimeter security protection to stop threats prior to their penetration of the customer's network, as well as post-perimeter anti-spam content inspection...

7.5CVSS7.5AI score0.08929EPSS
Exploits5
Saint
Saint
•added 2013/08/22 12:0 a.m.•58 views

Mozilla Firefox onreadystatechange Event Use After Free

Added: 08/22/2013 CVE: CVE-2013-1690 BID: 60778 OSVDB: 94584 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem A use-after-free vulnerability is triggered when handling onreadystatechange events and Event or Page reloads at t...

9.3CVSS9.3AI score0.69021EPSS
Exploits9
Saint
Saint
•added 2013/05/20 12:0 a.m.•58 views

phpMyAdmin preg_replace from_prefix sanitization vulnerability

Added: 05/20/2013 CVE: CVE-2013-3238 BID: 59460 OSVDB: 92793 Background phpMyAdmin is a free software tool, written in PHP, designed to handle the administration of MySQL over the Web. Problem phpMyAdmin before 3.5.8.1 is vulnerable to code injection as a result of failure to sanitize input passe...

6CVSS6.7AI score0.28851EPSS
Exploits14
Saint
Saint
•added 2013/02/15 12:0 a.m.•58 views

Ruby on Rails XML Processor YAML Deserialization

Added: 02/15/2013 CVE: CVE-2013-0156 BID: 57187 OSVDB: 89026 Background Ruby on Rails is a full stack, Web application framework optimized for sustainable programming productivity, allowing writing sound code by favoring convention over configuration. Problem Ruby on Rails versions prior to 2.3.1...

7.5CVSS7.7AI score0.99449EPSS
Exploits21
Saint
Saint
•added 2013/02/07 12:0 a.m.•58 views

Java JAX-WS statistics.impl package sandbox breach

Added: 02/07/2013 CVE: CVE-2012-5076 BID: 56054 OSVDB: 86350 Background Java API for XML Web Services JAX-WS is a technology for developing web services in Java. It is included in the Java EE 5 platform. Problem A vulnerability in JAX-WS when handling the...

10CVSS9.8AI score0.91013EPSS
Exploits18
Saint
Saint
•added 2013/01/28 12:0 a.m.•58 views

Nagios 3 history.cgi Command Injection

Added: 01/28/2013 CVE: CVE-2012-6096 BID: 56879 OSVDB: 88322 Background Nagios is a network host and service monitoring and management system. Problem The Nagios history.cgi script is vulnerable to a stack overflow when parsing the host parameter. This may allow an attacker to execute arbitrary...

7.5CVSS7.2AI score0.6645EPSS
Exploits15
Saint
Saint
•added 2012/11/23 12:0 a.m.•58 views

Java JAX-WS gmbal package sandbox breach

Added: 11/23/2012 CVE: CVE-2012-5076 BID: 56054 OSVDB: 86350 Background Java API for XML Web Services JAX-WS is a technology for developing web services in Java. It is included in the Java EE 5 platform. Problem A vulnerability in JAX-WS when handling the gmbal package allows code execution outsi...

10CVSS9.6AI score0.91013EPSS
Exploits18
Saint
Saint
•added 2012/07/23 12:0 a.m.•58 views

Oracle Java Runtime Hotspot Bytecode Verifier Type Confusion

Added: 07/23/2012 CVE: CVE-2012-1723 BID: 53960 OSVDB: 82877 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

10CVSS9.7AI score0.93688EPSS
Exploits9
Saint
Saint
•added 2012/07/17 12:0 a.m.•58 views

Oracle AutoVue SetMarkupMode ActiveX Overflow

Added: 07/17/2012 CVE: CVE-2012-0549 BID: 53077 OSVDB: 81439 Background Oracle AutoVue Enterprise Visualization is a suite of Oracle products designed to deliver a web-based capability to access, view, digitally annotate and collaborate on technical and business documents, without requiring...

7.5CVSS6.4AI score0.59413EPSS
Exploits10
Total number of security vulnerabilities4305