Lucene search
K
SaintMost viewed

4305 matches found

Saint
Saint
•added 2012/06/27 12:0 a.m.•58 views

Microsoft XML Core Services memory corruption

Added: 06/27/2012 CVE: CVE-2012-1889 BID: 53934 OSVDB: 82873 Background Microsoft XML Core Services allows developers to create XML-based applications. Problem A memory corruption vulnerability allows command execution when a user opens a specially crafted web page, which causes MSXML to access a...

9.3CVSS9AI score0.83638EPSS
Exploits12
Saint
Saint
•added 2012/01/10 12:0 a.m.•58 views

Chrome Password Grabber

Added: 01/10/2012 Background This tool grabs the saved passwords in the Chrome browser of the target's logged in user. Limitations Password Hash Grabber works on Windows targets. A connection to the target is required to run this tool. The target must have the .NET runtime 2.0 or higher. Platform...

0.1AI score
Exploits0
Saint
Saint
•added 2011/11/23 12:0 a.m.•58 views

Microsoft SharePoint Office Document Load Balancer SOAP Vulnerability

Added: 11/23/2011 CVE: CVE-2010-3964 BID: 45264 OSVDB: 69817 Background Microsoft SharePoint is a web application platform that provides web content management and document management as an aid to collaboration among users. SharePoint's multi-purpose design allows for managing and provisioning of...

7.5CVSS7.1AI score0.93916EPSS
Exploits9
Saint
Saint
•added 2011/01/24 12:0 a.m.•58 views

HP OpenView Network Node Manager nnmRptConfig.exe schd_select1 Remote Code Execution

Added: 01/24/2011 CVE: CVE-2011-0269 BID: 45762 OSVDB: 70473 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A stack buffer overflow vulnerability allows remote attackers to execute arbitrary commands by requesting the...

10CVSS7.7AI score0.16546EPSS
Exploits4
Saint
Saint
•added 2010/10/04 12:0 a.m.•58 views

Java Runtime CMM readMabCurveData Buffer Overflow

Added: 10/04/2010 CVE: CVE-2010-0838 BID: 39069 OSVDB: 63500 Background Oracle Java SE and Java for Business are development platforms for developing and deploying Java applications. They include the Java SE Development Kit JDK and the Java Runtime Environment JRE. The JRE provides the minimum...

7.5CVSS9.8AI score0.149EPSS
Exploits9
Saint
Saint
•added 2010/10/04 12:0 a.m.•58 views

Java Runtime CMM readMabCurveData Buffer Overflow

Added: 10/04/2010 CVE: CVE-2010-0838 BID: 39069 OSVDB: 63500 Background Oracle Java SE and Java for Business are development platforms for developing and deploying Java applications. They include the Java SE Development Kit JDK and the Java Runtime Environment JRE. The JRE provides the minimum...

7.5CVSS9.7AI score0.149EPSS
Exploits9
Saint
Saint
•added 2010/06/18 12:0 a.m.•58 views

HP Operations Manager hidden Tomcat account

Added: 06/18/2010 CVE: CVE-2009-3843 BID: 37086 OSVDB: 60317 Background HP Operations Manager is a consolidated event and performance management console that correlates infrastructure, network and end-user experience events across an IT infrastructure. Problem A hidden Apache Tomcat account allow...

10CVSS9.8AI score0.78968EPSS
Exploits12
Saint
Saint
•added 2010/04/22 12:0 a.m.•58 views

Internet Explorer Tabular Data Control DataURL memory corruption

Added: 04/22/2010 CVE: CVE-2010-0805 BID: 39025 OSVDB: 63329 Background Tabular Data Control is an ActiveX control which can be used to display data from a delimited text file. Problem A memory corruption vulnerability allows command execution when a user loads a web page which invokes Tabular Da...

9.3CVSS8.1AI score0.80603EPSS
Exploits13
Saint
Saint
•added 2009/11/06 12:0 a.m.•58 views

Java Runtime Environment HsbParser.getSoundBank Stack Buffer Overflow

Added: 11/06/2009 CVE: CVE-2009-3867 BID: 36881 OSVDB: 59711 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...

9.3CVSS7.3AI score0.73376EPSS
Exploits11
Saint
Saint
•added 2009/10/22 12:0 a.m.•58 views

Microsoft Office Art Property Table Memory Corruption

Added: 10/22/2009 CVE: CVE-2009-2528 BID: 36650 OSVDB: 58869 Background Microsoft Office is a package that provides word processing, spreadsheet, presentation, e-mail, and calendaring capabilities for Microsoft Windows workstations. MS Office XP 2002 and MS Office 2000 use the Microsoft Windows...

9.3CVSS8.4AI score0.20452EPSS
Exploits5
Saint
Saint
•added 2009/09/24 12:0 a.m.•58 views

Mozilla Firefox PKCS11 Module Installation Code Execution

Added: 09/24/2009 CVE: CVE-2009-3076 BID: 36343 OSVDB: 57977 Background Mozilla is a suite of Internet client products available for multiple platforms. Problem The warning dialog displayed when adding or removing security modules via pkcs11.addmodule or pkcs11.deletemodule can be customized by a...

9.3CVSS6.4AI score0.06724EPSS
Exploits4
Saint
Saint
•added 2009/07/07 12:0 a.m.•58 views

Microsoft DirectShow Video Streaming ActiveX IMPEG2TuneRequest Overflow

Added: 07/07/2009 CVE: CVE-2008-0015 BID: 35558 OSVDB: 55651 Background DirectX is a feature of the Windows operating system used for streaming media. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation and rendering. Problem A stack buffer overfl...

9.3CVSS6.8AI score0.76647EPSS
Exploits10
Saint
Saint
•added 2008/03/12 12:0 a.m.•58 views

Microsoft Office Web Components OWC.Spreadsheet.9 ActiveX Control overflow

Added: 03/12/2008 CVE: CVE-2006-4695 BID: 28135 OSVDB: 42711 Background Microsoft Office Web Components OWC are a group of OLE classes implemented as ActiveX controls. Problem A buffer overflow vulnerability in the OWC.Spreadsheet.9 ActiveX control allows command execution when a user loads a web...

9.3CVSS6.8AI score0.4014EPSS
Exploits6
Saint
Saint
•added 2008/02/04 12:0 a.m.•58 views

Winamp Ultravox streaming metadata artist tag buffer overflow

Added: 02/04/2008 CVE: CVE-2008-0065 BID: 27344 OSVDB: 41707 Background Winamp is a media player for Windows. Problem A buffer overflow vulnerability in the inmp3.dll library when parsing Ultravox streaming metadata allows command execution when a user opens a stream containing a long, specially...

10CVSS6.8AI score0.61275EPSS
Exploits8
Saint
Saint
•added 2008/01/07 12:0 a.m.•58 views

Adobe Flash Player ActionScript launch command execution

Added: 01/07/2008 CVE: CVE-2008-5499 BID: 32896 OSVDB: 50796 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem An input validation vulnerability allows command execution when the browser loads an SWF file which contains shell...

9.3CVSS6.4AI score0.79426EPSS
Exploits11
Saint
Saint
•added 2007/12/24 12:0 a.m.•58 views

Samba lsa_io_trans_names buffer overflow

Added: 12/24/2007 CVE: CVE-2007-2446 BID: 24195 OSVDB: 34699 Background Samba is a software package which implements the SMB protocol on a variety of platforms, providing compatibility with Windows systems. Problem A vulnerability in the LSA RPC interface allows a remote attacker to execute...

10CVSS9.1AI score0.77806EPSS
Exploits23
Saint
Saint
•added 2007/05/16 12:0 a.m.•58 views

Trend Micro ServerProtect EarthAgent RPC buffer overflow

Added: 05/16/2007 CVE: CVE-2007-2508 BID: 23866 OSVDB: 35789 Background Trend Micro ServerProtect is a virus scanner for servers. It includes the EarthAgent daemon which listens for connections on port 3628/TCP. Problem A buffer overflow vulnerability in the EarthAgent daemon allows remote...

10CVSS7.7AI score0.77194EPSS
Exploits18
Saint
Saint
•added 2007/03/22 12:0 a.m.•58 views

Mercury IMAP data continuation buffer overflow

Added: 03/22/2007 CVE: CVE-2007-1373 OSVDB: 33883 Background Mercury Mail Transport System is an e-mail server product for Windows and NetWare. Problem A buffer overflow vulnerability in the Mercury IMAP service when processing data continuation specifiers allows remote attackers to execute...

10CVSS7.9AI score0.58687EPSS
Exploits8
Saint
Saint
•added 2006/11/27 12:0 a.m.•58 views

WinZip FileView ActiveX control unsafe method

Added: 11/27/2006 CVE: CVE-2006-5198 BID: 21060 OSVDB: 30433 Background WinZip includes the FileView ActiveX control which provides a user interface similar to the file view pane in Windows Explorer. Problem The FileView ActiveX control is marked "safe for scripting" and exposes several unsafe...

4CVSS7AI score0.602EPSS
Exploits5
Saint
Saint
•added 2006/10/27 12:0 a.m.•58 views

Serv-U FTP Server MDTM timezone buffer overflow

Added: 10/27/2006 CVE: CVE-2004-0330 BID: 9751 OSVDB: 4073 Background Serv-U FTP Server supports the MDTM command which allows users to modify the time stamp on files. Problem A buffer overflow in Serv-U FTP Server allows remote authenticated attackers to execute arbitrary commands by sending the...

10CVSS7.5AI score0.8547EPSS
Exploits8
Saint
Saint
•added 2006/06/05 12:0 a.m.•58 views

Internet Explorer Javaprxy.dll heap overflow

Added: 06/05/2006 CVE: CVE-2005-2087 BID: 14087 OSVDB: 17680 Background Windows operating systems use the Component Object Model COM to allow various program components to be run within different applications. One such object, the JView Profiler Javaprxy.dll, is a debugger interface for Microsoft...

5CVSS6.7AI score0.61372EPSS
Exploits4
Saint
Saint
•added 2006/05/08 12:0 a.m.•58 views

Apache chunked encoding buffer overflow

Added: 05/08/2006 CVE: CVE-2002-0392 BID: 5033 OSVDB: 838 Background Apache web servers support chunked encoding, which is used by a web client to send data to the server in parts, or chunks. Problem A flaw in the calculation of the size of chunked encoding leads to a buffer overflow, allowing...

7.5CVSS6.6AI score0.95027EPSS
Exploits8
Saint
Saint
•added 2006/02/08 12:0 a.m.•58 views

Microsoft IIS 5.0 printer ISAPI extension buffer overflow

Added: 02/08/2006 CVE: CVE-2001-0241 BID: 2674 OSVDB: 3323 Background Microsoft IIS web servers include ISAPI extensions which are invoked in the server process to handle requests of a given type. Problem The ISAPI extension which handles requests for file names ending in .printer is affected by ...

10CVSS7.5AI score0.87032EPSS
Exploits10
Saint
Saint
•added 2005/12/08 12:0 a.m.•58 views

FreeFTPd user name buffer overflow

Added: 12/08/2005 CVE: CVE-2005-3683 BID: 15457 OSVDB: 20909 Background FreeFTPd is a free FTP/FTPS/SFTP server for Windows platforms. Problem An unauthenticated remote attacker could execute arbitrary commands by sending a long, specially crafted argument to the USER command. Resolution Upgrade ...

7.5CVSS7.5AI score0.71506EPSS
Exploits8
Saint
Saint
•added 2020/02/10 12:0 a.m.•57 views

OpenSMTPD MAIL FROM command injection

Added: 02/10/2020 CVE: CVE-2020-7247 Background OpenSMTPD is a free SMTP implementation. It comes with the OpenBSD operating system but is also available for other platforms. Problem The smtpmailaddr function does not properly sanitize user input, allowing remote attackers to inject arbitrary...

10CVSS9.8AI score0.98946EPSS
Exploits27
Saint
Saint
•added 2019/01/18 12:0 a.m.•57 views

Horde Imp Unauthenticated Remote Command Execution

Added: 01/18/2019 BID: 106018 Background The IMP is a web-based mail client for IMAP and POP3 accounts. It is built atop the Horde Application Framework, which is a general-purpose web application library written in PHP. Problem A vulnerability in Horde IMP could allow unauthenticated command...

0.8AI score
Exploits0
Saint
Saint
•added 2016/12/23 12:0 a.m.•57 views

McAfee VirusScan Enterprise for Linux authentication token brute force

Added: 12/23/2016 CVE: CVE-2016-8023 BID: 94823 Background McAfee VirusScan Enterprise for Linux is real-time, anti-malware software for Linux. Problem McAfee VirusScan Enterprise for Linux allows remote attackers to execute arbitrary commands by exploiting multiple vulnerabilities, including the...

8.1CVSS8.5AI score0.09211EPSS
Exploits7
Saint
Saint
•added 2015/02/18 12:0 a.m.•57 views

HP Data Protector Windows Unauthenticated Remote Code Execution

Added: 02/18/2015 CVE: CVE-2014-2623 BID: 68672 OSVDB: 109069 Background HP Data Protector is a backup solution for enterprise and distributed environments. Data Protector Manager listens on port 5555/TCP. Problem HP Data Protector is vulnerable to remote unauthenticated arbitrary command executi...

10CVSS9.8AI score0.89394EPSS
Exploits20
Saint
Saint
•added 2014/11/17 12:0 a.m.•57 views

Windows OLE Automation Array command execution

Added: 11/17/2014 CVE: CVE-2014-6332 BID: 70952 OSVDB: 114533 Background OLE Object Linking and Embedding is a technology that allows applications to share data and functionality, such as the ability to create and edit compound data, i.e., data that contains information in multiple formats. Probl...

9.3CVSS8.8AI score0.94996EPSS
Exploits39
Saint
Saint
•added 2013/12/09 12:0 a.m.•57 views

ABB MicroSCADA wserver.exe command execution

Added: 12/09/2013 BID: 63901 OSVDB: 100324 Background MicroSCADA Pro is a substation automation product from ABB. Problem A vulnerability in the wserver.exe process allows remote attackers to execute arbitrary commands by sending an EXECUTE request to port 12221/TCP. Resolution Disable wserver.ex...

1.5AI score
Exploits0
Saint
Saint
•added 2013/05/24 12:0 a.m.•57 views

Java Runtime Environment DriverManager doPrivileged block sandbox bypass

Added: 05/24/2013 CVE: CVE-2013-1488 BID: 58504 OSVDB: 91472 Background Oracle Java is a development platform for developing and deploying Java applications. It includes the Java Development Kit JDK and the Java Runtime Environment JRE. The JRE provides the minimum requirements for executing a Ja...

10CVSS9.8AI score0.87227EPSS
Exploits10
Saint
Saint
•added 2013/04/01 12:0 a.m.•57 views

Sami FTP Server LIST command buffer overflow

Added: 04/01/2013 BID: 58247 OSVDB: 90815 Background Sami FTP Server is an FTP server for Windows. Problem Sami FTP Server is affected by a buffer overflow vulnerability. A remote attacker could exploit this vulnerability by sending a long, specially crafted LIST command to the server, resulting ...

0.1AI score
Exploits0
Saint
Saint
•added 2013/01/28 12:0 a.m.•57 views

Nagios 3 history.cgi Command Injection

Added: 01/28/2013 CVE: CVE-2012-6096 BID: 56879 OSVDB: 88322 Background Nagios is a network host and service monitoring and management system. Problem The Nagios history.cgi script is vulnerable to a stack overflow when parsing the host parameter. This may allow an attacker to execute arbitrary...

7.5CVSS7.2AI score0.6645EPSS
Exploits15
Saint
Saint
•added 2013/01/07 12:0 a.m.•57 views

RealPlayer InternetShortcut URL property buffer overflow

Added: 01/07/2013 CVE: CVE-2012-5691 BID: 56956 OSVDB: 88486 Background RealPlayer is a media player application which can play back various multimedia file formats. Problem A buffer overflow vulnerability in the GetPrivateProfileString function allows command execution when a user opens a...

9.3CVSS6.9AI score0.52703EPSS
Exploits8
Saint
Saint
•added 2012/11/23 12:0 a.m.•57 views

Java JAX-WS gmbal package sandbox breach

Added: 11/23/2012 CVE: CVE-2012-5076 BID: 56054 OSVDB: 86350 Background Java API for XML Web Services JAX-WS is a technology for developing web services in Java. It is included in the Java EE 5 platform. Problem A vulnerability in JAX-WS when handling the gmbal package allows code execution outsi...

10CVSS9.6AI score0.91013EPSS
Exploits18
Saint
Saint
•added 2012/03/23 12:0 a.m.•57 views

Dell Webcam Software ActiveX Control CrazyTalk4Native.dll Buffer Overflow

Added: 03/23/2012 BID: 52571 OSVDB: 80205 Background Dell Webcam center was written by Creative and branded by Dell. It includes features to control the Dell laptop's integrated webcam, providing photo capture and video recording capability. It comes bundled with Creative Livecam, which provides...

0.2AI score
Exploits0
Saint
Saint
•added 2012/02/03 12:0 a.m.•57 views

Oracle Outside In Library OOXML Overflow

Added: 02/03/2012 CVE: CVE-2012-0110 BID: 51452 OSVDB: 78411 Background Oracle Outside In is a a suite of software development kits that allows developers with a comprehensive solution to access, transform, and control the contents of over 500 unstructured file formats. Problem Outside In version...

4.4CVSS6.2AI score0.00356EPSS
Exploits4
Saint
Saint
•added 2012/01/26 12:0 a.m.•57 views

HP Diagnostics Server magentservice.exe Integer Wrap

Added: 01/26/2012 CVE: CVE-2011-4789 BID: 51398 OSVDB: 78309 Background HP Diagnostics software monitors application transaction health in traditional, virtualized and cloud environments. Problem A vulnerability exists in the way the magentservice.exe service handles network requests. Subtraction...

10CVSS6.8AI score0.64803EPSS
Exploits8
Saint
Saint
•added 2012/01/26 12:0 a.m.•57 views

HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution

Added: 01/26/2012 CVE: CVE-2011-4786 BID: 51396 OSVDB: 78306 Background HP Easy Printer Care Software is a tool to control and monitor up to 20 HP printers. Problem HP Easy Printer Care Software 2.5 and prior versions are vulnerable to remote code execution. The CacheDocumentXMLWithId method from...

9.3CVSS7.1AI score0.40986EPSS
Exploits9
Saint
Saint
•added 2012/01/24 12:0 a.m.•57 views

Windows Object Packager Insecure Execution

Added: 01/24/2012 CVE: CVE-2012-0009 BID: 51297 OSVDB: 78212 Background Windows Object Packager is a tool that can be used to create a package that can be inserted into a file. Problem A vulnerability exists in the way the Windows Object Packager registers and implements packages stored on networ...

9.3CVSS5.9AI score0.20561EPSS
Exploits4
Saint
Saint
•added 2011/12/16 12:0 a.m.•57 views

Smart Software Solutions CoDeSys Webserver URI Copying Stack Buffer Overflow

Added: 12/16/2011 CVE: CVE-2011-5007 BID: 50849 OSVDB: 77387 Background Smart Software Solutions GmbH 3S manufactures CoDeSys Web Server, a Supervisory Control and Data Acquisition/Human-Machine Interface SCADA/HMI product. The SCADA Web Server listens on TCP port 8080. Problem The CmpWebServer.d...

10CVSS7.2AI score0.72582EPSS
Exploits6
Saint
Saint
•added 2011/12/12 12:0 a.m.•58 views

Iron Mountain Connected Backup Opcode 13 Processing Command Injection

Added: 12/12/2011 CVE: CVE-2011-2397 BID: 50884 OSVDB: 77495 Background Iron Mountain Connected Backup is a solution for automatic online backup and recovery for Microsoft Windows and Mac OS X. An agent is installed on each computer that is to be backed up. The agent listens by default on TCP por...

10CVSS7.4AI score0.05521EPSS
Exploits4
Saint
Saint
•added 2011/08/15 12:0 a.m.•57 views

Microsoft Excel SLK File Parsing Buffer Overflow

Added: 08/15/2011 CVE: CVE-2011-1276 BID: 48161 OSVDB: 72924 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem Microsoft Office Excel is vulnerable to remote code execution due to improper boundary...

9.3CVSS9.7AI score0.28222EPSS
Exploits10
Saint
Saint
•added 2011/07/27 12:0 a.m.•57 views

Mozilla Firefox nsTreeRange Use After Free

Added: 07/27/2011 CVE: CVE-2011-0073 BID: 47663 OSVDB: 72087 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem Mozilla Firefox and SeaMonkey are prone to a remote code execution vulnerability caused by accessing previously...

10CVSS9.9AI score0.70005EPSS
Exploits5
Saint
Saint
•added 2011/06/03 12:0 a.m.•57 views

7T Interactive Graphical SCADA System dc.exe Directory Traversal

Added: 06/03/2011 CVE: CVE-2011-1566 BID: 46936 OSVDB: 72349 Background 7-Technologies Interactive Graphical SCADA System IGSS is a Supervisory Control and Data Acquisition SCADA solution used mainly in Denmark and the US. Problem An input validation error in the Data Collector service dc.exe whe...

10CVSS6.8AI score0.66982EPSS
Exploits11
Saint
Saint
•added 2010/12/22 12:0 a.m.•57 views

Microsoft Internet Explorer CSS Import Use-After-Free Code Execution

Added: 12/22/2010 CVE: CVE-2010-3971 BID: 45246 OSVDB: 69796 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Cascading Style Sheets CSS is a simple mechanism for adding style to web documents. Problem Microsoft Internet Explorer is...

9.3CVSS9.6AI score0.81663EPSS
Exploits9
Saint
Saint
•added 2009/07/14 12:0 a.m.•57 views

Microsoft Office Web Components OWC.Spreadsheet Evaluate method vulnerability

Added: 07/14/2009 CVE: CVE-2009-1136 BID: 35642 OSVDB: 55806 Background Microsoft Office Web Components OWC are a group of OLE classes implemented as ActiveX controls. Problem A memory corruption vulnerability allows command execution when a web page passes a specially crafted parameter to the...

9.3CVSS6.4AI score0.6202EPSS
Exploits11
Saint
Saint
•added 2009/06/22 12:0 a.m.•57 views

Oracle Secure Backup login.php ora_osb_lcookie command execution

Added: 06/22/2009 CVE: CVE-2008-4006 BID: 33177 OSVDB: 51343 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command execution vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary...

10CVSS7.2AI score0.03433EPSS
Exploits4
Saint
Saint
•added 2009/05/07 12:0 a.m.•57 views

Windows SMB credential reflection vulnerability

Added: 05/07/2009 CVE: CVE-2008-4037 BID: 7385 OSVDB: 49736 Background The Server Message Block SMB protocol is a file sharing protocol implemented in Microsoft Windows. NTLM is a challenge/response-based authentication protocol. Problem An NTLM credential reflection vulnerability allows a remote...

9.3CVSS6.6AI score0.59136EPSS
Exploits9
Saint
Saint
•added 2008/02/01 12:0 a.m.•57 views

Oracle XDB component PITRIG_TRUNCATE buffer overflow

Added: 02/01/2008 CVE: CVE-2008-0339 BID: 27229 OSVDB: 40300 Background The PITRIGTRUNCATE function is included in the XDB.XDBPITRIGPKG package which is included with Oracle Database. Problem A buffer overflow vulnerability in the PITRIGTRUNCATE function allows remote, authenticated attackers to...

10CVSS7.5AI score0.1453EPSS
Exploits4
Total number of security vulnerabilities4305