Lucene search
K
SaintMost viewed

4305 matches found

Saint
Saint
•added 2007/12/24 12:0 a.m.•57 views

Samba lsa_io_trans_names buffer overflow

Added: 12/24/2007 CVE: CVE-2007-2446 BID: 24195 OSVDB: 34699 Background Samba is a software package which implements the SMB protocol on a variety of platforms, providing compatibility with Windows systems. Problem A vulnerability in the LSA RPC interface allows a remote attacker to execute...

10CVSS9.2AI score0.77806EPSS
Exploits23
Saint
Saint
•added 2007/04/25 12:0 a.m.•57 views

Oracle Database Advanced Replication component DBMS_SNAP_INTERNAL overflow

Added: 04/25/2007 CVE: CVE-2007-2116 BID: 23532 OSVDB: 39933 Background Package DBMSSNAPINTERNAL of schema SYS is an Advanced Replication component used internally by Oracle Database. Problem A buffer overflow vulnerability in DBMSSNAPINTERNAL allows remote attackers to execute arbitrary commands...

9CVSS7.7AI score0.02946EPSS
Exploits4
Saint
Saint
•added 2007/02/21 12:0 a.m.•57 views

Trend Micro OfficeScan client ActiveX control buffer overflow

Added: 02/21/2007 CVE: CVE-2007-0325 BID: 22585 OSVDB: 33040 Background Trend Micro OfficeScan is a centralized virus and security scan management system. Problem The OfficeScan Web-Deployment SetupINICtrl ActiveX control, which is vulnerable to buffer overflows in multiple methods, is...

9.3CVSS6.6AI score0.34006EPSS
Exploits6
Saint
Saint
•added 2006/11/27 12:0 a.m.•57 views

WinZip FileView ActiveX control unsafe method

Added: 11/27/2006 CVE: CVE-2006-5198 BID: 21060 OSVDB: 30433 Background WinZip includes the FileView ActiveX control which provides a user interface similar to the file view pane in Windows Explorer. Problem The FileView ActiveX control is marked "safe for scripting" and exposes several unsafe...

4CVSS7AI score0.602EPSS
Exploits5
Saint
Saint
•added 2006/09/08 12:0 a.m.•57 views

WhatsUp Gold _maincfgret.cgi instancename buffer overflow

Added: 09/08/2006 CVE: CVE-2004-0798 BID: 11043 OSVDB: 9177 Background WhatsUp Professional formerly WhatsUp Gold is a network mapping and monitoring tool. Problem A buffer overflow in the WhatsUp Gold web interface allows remote command execution by requesting maincfgret.cgi with a long...

7.5CVSS7AI score0.62577EPSS
Exploits7
Saint
Saint
•added 2006/06/05 12:0 a.m.•57 views

Internet Explorer Javaprxy.dll heap overflow

Added: 06/05/2006 CVE: CVE-2005-2087 BID: 14087 OSVDB: 17680 Background Windows operating systems use the Component Object Model COM to allow various program components to be run within different applications. One such object, the JView Profiler Javaprxy.dll, is a debugger interface for Microsoft...

5CVSS6.6AI score0.61372EPSS
Exploits4
Saint
Saint
•added 2006/05/11 12:0 a.m.•57 views

AWStats migrate parameter command injection

Added: 05/11/2006 CVE: CVE-2006-2237 BID: 17844 OSVDB: 25284 Background AWStats is a web application for showing web, FTP, and mail server statistics. Problem AWStats uses the value of the migrate input parameter in a PERL open call without sufficient checks for invalid characters, allowing remot...

5.1CVSS6.6AI score0.58356EPSS
Exploits10
Saint
Saint
•added 2005/12/19 12:0 a.m.•57 views

Windows password weakness

Added: 12/19/2005 CVE: CVE-1999-0503 Background Passwords are the most commonly used method of authenticating users to a server. The combination of a login name and password is used to verify the identity of a user requesting access, and to determine what parts of the server the user has permissi...

7.2CVSS6.7AI score0.01835EPSS
Exploits4
Saint
Saint
•added 2016/09/23 12:0 a.m.•56 views

SugarCRM REST deserialization vulnerability

Added: 09/23/2016 BID: 91413 Background SugarCRM is customer relationship management software written in PHP. Problem Improper use of the unserialize function inside the SugarRestSerialize.php script allows remote attackers to inject PHP objects, leading to arbitrary command execution. Resolution...

7.8AI score
Exploits0
Saint
Saint
•added 2016/02/03 12:0 a.m.•56 views

IBM WebSphere Management Server Apache Commons

Added: 02/03/2016 CVE: CVE-2015-7450 Background IBM WebSphere Management console 7.x and 8.5.0 - 8.5.5.7 are packaged with a vulnerable version of the Apache Commons package. Problem Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the...

10CVSS10AI score0.97655EPSS
Exploits10
Saint
Saint
•added 2013/10/23 12:0 a.m.•56 views

McAfee Web Reporter JBoss EJBInvokerServlet Marshalled Object Code Execution

Added: 10/23/2013 CVE: CVE-2013-4810 BID: 62854 OSVDB: 97153 Background McAfee Web Reporter analyzes logs from a variety of proxy sources to provide real-time views into web traffic, including extensive drill-down capabilities and powerful off-line processing. Problem McAfee Web Reporter is...

10CVSS9.9AI score0.79003EPSS
Exploits5
Saint
Saint
•added 2013/08/30 12:0 a.m.•56 views

Oracle Java Runtime Environment AWT storeImageArray Vulnerability

Added: 08/30/2013 CVE: CVE-2013-2465 BID: 60657 OSVDB: 94339 Background Java Runtime Environment JRE allows end users to run Java applications. Problem A buffer overflow vulnerability in the storeImageArray function of the Abstract Window Toolkit AWT library awt.dll allows command execution when ...

10CVSS8.5AI score0.98704EPSS
Exploits10
Saint
Saint
•added 2013/06/03 12:0 a.m.•56 views

Internet Explorer VML Dashstyle Attributes Integer Overflow

Added: 06/03/2013 CVE: CVE-2013-2551 BID: 58570 OSVDB: 91197 Background Vector Markup Language VML is an XML-based format for vector graphics. Problem An integer overflow vulnerability in vml.dll when processing dashstyle attributes of certain VML elements in a web page allows arbitrary command...

9.3CVSS8.5AI score0.74096EPSS
Exploits9
Saint
Saint
•added 2013/05/13 12:0 a.m.•56 views

Nagios Remote Plugin Executor Metacharacter Filtering Omission

Added: 05/13/2013 CVE: CVE-2013-1362 BID: 58142 OSVDB: 90582 Background Nagios is a network host and service monitoring and management system. Nagios Remote Plugin Executor NRPE is an addon for Nagios that allows remote execution of Nagios plugins on other Linux/Unix machines. Problem Nagios Remo...

7.5CVSS7.4AI score0.65724EPSS
Exploits9
Saint
Saint
•added 2013/04/04 12:0 a.m.•56 views

Java Runtime Environment Color Management memory overwrite

Added: 04/04/2013 CVE: CVE-2013-1493 BID: 58238 OSVDB: 90737 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...

10CVSS9.8AI score0.86151EPSS
Exploits10
Saint
Saint
•added 2012/10/29 12:0 a.m.•56 views

GE Proficy Historian KeyHelp ActiveX LaunchTriPane Vulnerability

Added: 10/29/2012 CVE: CVE-2012-2516 BID: 54215 OSVDB: 83311 Background GE Proficy Historian collects, organizes, archives and distributes tremendous volumes of real-time production information with a goal of enabling better and faster decisions and increased productivity. Problem GE Proficy...

9.3CVSS6.9AI score0.39711EPSS
Exploits9
Saint
Saint
•added 2012/08/10 12:0 a.m.•56 views

Novell iPrint Client GetDriverSettings Realm Parameter Stack Buffer Overflow

Added: 08/10/2012 CVE: CVE-2011-4187 BID: 51926 OSVDB: 78955 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Client ActiveX control named ienipp.ocx. Problem Novell iPrint Client before 5.78 on Windows is...

10CVSS7.4AI score0.03999EPSS
Exploits8
Saint
Saint
•added 2012/05/21 12:0 a.m.•56 views

Firefox AttributeChildRemoved Use After Free

Added: 05/21/2012 CVE: CVE-2011-3659 BID: 51755 OSVDB: 78736 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem In Firefox version prior to 3.6.26, and 4.0 through 9.0, when removing child objects from the DOM tree, the remove...

9.3CVSS9.8AI score0.36511EPSS
Exploits9
Saint
Saint
•added 2011/12/02 12:0 a.m.•56 views

Oracle Java Rhino Script Engine Code Execution

Added: 12/02/2011 CVE: CVE-2011-3544 BID: 50218 OSVDB: 76500 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Java...

10CVSS10AI score0.96714EPSS
Exploits13
Saint
Saint
•added 2011/10/14 12:0 a.m.•56 views

HP Intelligent Management Center iNodeMngChecker.exe Buffer Overflow

Added: 10/14/2011 CVE: CVE-2011-1867 BID: 48527 OSVDB: 73597 Background HP Intelligent Management Center, also known as HP iNode Management Center, is a comprehensive management platform for delivering integrated, modular network management capabilities. The iNodeMngChecker.exe component listens,...

10CVSS7.5AI score0.25787EPSS
Exploits4
Saint
Saint
•added 2011/06/03 12:0 a.m.•56 views

7T Interactive Graphical SCADA System dc.exe Directory Traversal

Added: 06/03/2011 CVE: CVE-2011-1566 BID: 46936 OSVDB: 72349 Background 7-Technologies Interactive Graphical SCADA System IGSS is a Supervisory Control and Data Acquisition SCADA solution used mainly in Denmark and the US. Problem An input validation error in the Data Collector service dc.exe whe...

10CVSS6.8AI score0.66982EPSS
Exploits11
Saint
Saint
•added 2011/04/21 12:0 a.m.•56 views

Adobe Flash Player callMethod Bytecode Memory Corruption

Added: 04/21/2011 CVE: CVE-2011-0611 BID: 47314 OSVDB: 71686 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem A memory corruption vulnerability allows command execution when the browser loads a specially crafted Small Web Forma...

9.3CVSS9.1AI score0.9941EPSS
Exploits14
Saint
Saint
•added 2011/04/21 12:0 a.m.•56 views

Adobe Flash Player callMethod Bytecode Memory Corruption

Added: 04/21/2011 CVE: CVE-2011-0611 BID: 47314 OSVDB: 71686 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem A memory corruption vulnerability allows command execution when the browser loads a specially crafted Small Web Forma...

9.3CVSS9.1AI score0.9941EPSS
Exploits14
Saint
Saint
•added 2011/01/14 12:0 a.m.•56 views

Windows Thumbnail View CreateSizedDIBSECTION buffer overflow

Added: 01/14/2011 CVE: CVE-2010-3970 BID: 45662 OSVDB: 70263 Background The shimgvw.dll library is part of the Microsoft Graphics Rendering Engine. Problem A vulnerability in shimgvw.dll allows command execution when Windows renders a thumbnail image which passes a specially crafted biClrUsed...

9.3CVSS6.3AI score0.67687EPSS
Exploits10
Saint
Saint
•added 2010/12/22 12:0 a.m.•56 views

Microsoft Internet Explorer CSS Import Use-After-Free Code Execution

Added: 12/22/2010 CVE: CVE-2010-3971 BID: 45246 OSVDB: 69796 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Cascading Style Sheets CSS is a simple mechanism for adding style to web documents. Problem Microsoft Internet Explorer is...

9.3CVSS6.3AI score0.81663EPSS
Exploits9
Saint
Saint
•added 2010/08/12 12:0 a.m.•56 views

Microsoft Office Word RTF Parsing Engine Memory Corruption

Added: 08/12/2010 CVE: CVE-2010-1901 BID: 42132 OSVDB: 66995 Background Microsoft Office Word is Microsoft's word processing software, released as a component of Microsoft Office suite. Problem Microsoft Office Word does not perform sufficient data validation when handling rich text data. When Wo...

9.3CVSS6.8AI score0.19399EPSS
Exploits5
Saint
Saint
•added 2010/05/25 12:0 a.m.•56 views

IBM Cognos Express Server Backdoor Account Remote Code Execution

Added: 05/25/2010 CVE: CVE-2010-0557 BID: 38084 OSVDB: 62118 Background IBM Cognos Express is an integrated business intelligence BI and planning solution which delivers the essential reporting, analysis, dashboard, scorecard, planning, budgeting and forecasting capabilities that midsize companie...

7.5CVSS6.4AI score0.51069EPSS
Exploits9
Saint
Saint
•added 2010/03/22 12:0 a.m.•56 views

Adobe Reader Libtiff TIFFFetchShortPair Stack Buffer Overflow

Added: 03/22/2010 CVE: CVE-2010-0188 BID: 38195 OSVDB: 62526 Background Adobe Reader is free software for viewing PDF documents. Problem A stack buffer overflow vulnerability allows command execution when a user opens a PDF file with an embedded TIFF image that has one of several fields encoded a...

9.3CVSS8.4AI score0.88246EPSS
Exploits12
Saint
Saint
•added 2010/02/05 12:0 a.m.•56 views

Sun Java System Web Server WebDAV OPTIONS request buffer overflow

Added: 02/05/2010 CVE: CVE-2010-0361 BID: 37874 OSVDB: 61851 Background Sun Java System Web Server is a web application server. WebDAV Web-based Distributed Authoring and Versioning is an extension to the HTTP protocol which allows users to edit web server content. Problem A buffer overflow...

10CVSS7.7AI score0.80521EPSS
Exploits20
Saint
Saint
•added 2009/05/04 12:0 a.m.•56 views

Internet Explorer WinINet credential reflection vulnerability

Added: 05/04/2009 CVE: CVE-2009-0550 BID: 34439 OSVDB: 53619 Background The Windows Internet WinINet application programming interface API provides applications with an implementation of standard protocols such as FTP and HTTP. Problem An NTLM credential reflection vulnerability allows a remote w...

9.3CVSS8.1AI score0.11843EPSS
Exploits5
Saint
Saint
•added 2008/11/13 12:0 a.m.•56 views

Adobe Acrobat and Reader JavaScript buffer overflow

Added: 11/13/2008 CVE: CVE-2007-5659 BID: 27641 OSVDB: 41495 Background Adobe Acrobat is software for creating PDF documents. Adobe Reader is free software for viewing PDF documents. Problem Buffer overflow vulnerabilities in several JavaScript functions allow command execution when a user loads ...

9.3CVSS9.3AI score0.94222EPSS
Exploits9
Saint
Saint
•added 2008/07/25 12:0 a.m.•56 views

Oracle WebLogic Server Apache Connector POST buffer overflow

Added: 07/25/2008 CVE: CVE-2008-3257 BID: 30273 OSVDB: 47096 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A buffer overflow in the Apache Connector for WebLogic Server allows remote attackers to execute arbitrary commands by sending a...

10CVSS7.8AI score0.83589EPSS
Exploits9
Saint
Saint
•added 2008/05/15 12:0 a.m.•56 views

Motorola Timbuktu login request buffer overflow

Added: 05/15/2008 CVE: CVE-2007-4221 BID: 25454 OSVDB: 40124 Background Motorola Timbuktu is remote control software for Windows and Mac. It runs a service which listens for connections on port 407/TCP or 407/UDP. Problem A buffer overflow vulnerability when processing login requests allows remot...

10CVSS7.9AI score0.06264EPSS
Exploits4
Saint
Saint
•added 2007/12/24 12:0 a.m.•56 views

Samba lsa_io_trans_names buffer overflow

Added: 12/24/2007 CVE: CVE-2007-2446 BID: 24195 OSVDB: 34699 Background Samba is a software package which implements the SMB protocol on a variety of platforms, providing compatibility with Windows systems. Problem A vulnerability in the LSA RPC interface allows a remote attacker to execute...

10CVSS9.2AI score0.77806EPSS
Exploits23
Saint
Saint
•added 2007/09/06 12:0 a.m.•56 views

ClamAV milter popen command injection

Added: 09/06/2007 CVE: CVE-2007-4560 BID: 25439 OSVDB: 36909 Background ClamAV is an open-source anti-virus toolkit. clamav-milter is a derivative of ClamAV for e-mail servers running Sendmail. Problem An insecure call to the popen function in clamav-milter, when running in black hole mode, allow...

7.6CVSS9.5AI score0.83539EPSS
Exploits12
Saint
Saint
•added 2006/04/06 12:0 a.m.•56 views

TWiki revision control shell command injection

Added: 04/06/2006 CVE: CVE-2005-2877 BID: 14834 OSVDB: 19403 Background TWiki is a web-based collaboration platform written in PERL. Problem The revision control function in TWiki does not sufficiently check the rev parameter before using it in a shell command call. This allows remote attackers t...

7.5CVSS7.5AI score0.71104EPSS
Exploits8
Saint
Saint
•added 2006/03/03 12:0 a.m.•56 views

Windows Plug and Play buffer overflow

Added: 03/03/2006 CVE: CVE-2005-1983 BID: 14513 OSVDB: 18605 Background The Windows Plug and Play service allows Windows operating systems to automatically detect and configure a new hardware device, such as a mouse. Problem A buffer overflow in the Plug and Play service could allow command...

10CVSS6.9AI score0.93405EPSS
Exploits9
Saint
Saint
•added 2019/09/13 12:0 a.m.•55 views

Cisco UCS Director authentication bypass and command injection

Added: 09/13/2019 CVE: CVE-2019-1937 Background Cisco UCS Director is a heterogeneous platform for private cloud Infrastructure as a Service IaaS. Problem An authentication bypass vulnerability in the ClientServlet allows unauthenticated users to gain an administrative session. Furthermore, a...

10CVSS9.5AI score0.75863EPSS
Exploits14
Saint
Saint
•added 2019/04/16 12:0 a.m.•55 views

KACE K1000 Remote Code Execution

Added: 04/16/2019 Background KACE Systems Management Appliance manages, secures, and services network-connected devices. Problem A vulnerability in KACE Systems Management Appliance K1000 could allow unauthenticated command execution. Resolution Upgrade to the latest version of your KACE Systems...

7.7AI score
Exploits0
Saint
Saint
•added 2016/03/24 12:0 a.m.•55 views

Bash environment variable command injection in Cisco UCS Manager

Added: 03/24/2016 CVE: CVE-2014-6278 BID: 70166 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. Cisco UCS Manager is a product for management of Cisco UCS and Cisco HyperFlex infrastructure. Problem The Bash shell executes commands injected after...

10CVSS9.8AI score0.99621EPSS
Exploits31
Saint
Saint
•added 2015/12/17 12:0 a.m.•55 views

Joomla User-Agent PHP object injection

Added: 12/17/2015 CVE: CVE-2015-8562 BID: 79195 Background Joomla is a content management system written in PHP. Problem A vulnerability which occurs when Joomla saves browser session information could allow a remote, unauthenticated attacker to inject PHP objects via the User-Agent header, leadi...

7.5CVSS8.2AI score0.98283EPSS
Exploits16
Saint
Saint
•added 2014/08/21 12:0 a.m.•55 views

Firefox crypto.generateCRMFRequest command execution

Added: 08/21/2014 CVE: CVE-2013-1710 BID: 61900 OSVDB: 96019 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem A vulnerability in the implementation of the crypto.generateCRMFRequest javascript method allows command execution...

10CVSS9AI score0.40118EPSS
Exploits13
Saint
Saint
•added 2014/02/11 12:0 a.m.•55 views

Android WebView addJavascriptInterface Arbitrary Java Method Access

Added: 02/11/2014 CVE: CVE-2013-4710 OSVDB: 97520 Background Android is a Linux-based operating system used primarily on touchscreen mobile devices such as smartphones and tablet computers. It was originally developed by Android Inc., but is now owned by Google. WebView is a sub-class of the...

9.3CVSS6.7AI score0.42623EPSS
Exploits6
Saint
Saint
•added 2013/10/17 12:0 a.m.•55 views

Mozilla Firefox XMLSerializer serializeToStream Use-after-free Vulnerability

Added: 10/17/2013 CVE: CVE-2013-0753 BID: 57209 OSVDB: 89021 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem Mozilla Firefox prior to 18.0 contains a use-after-free error in the XMLSerializer when the serializeToStream meth...

9.3CVSS9.3AI score0.51324EPSS
Exploits8
Saint
Saint
•added 2013/07/18 12:0 a.m.•55 views

Apache Struts URL includeParams Attribute OGNL Code Injection

Added: 07/18/2013 CVE: CVE-2013-2115 BID: 60167 OSVDB: 93645 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem...

9.3CVSS8.2AI score0.72778EPSS
Exploits9
Saint
Saint
•added 2013/07/09 12:0 a.m.•55 views

HP Data Protector opcode 259 buffer overflow

Added: 07/09/2013 CVE: CVE-2013-2329 BID: 60304 OSVDB: 93863 Background HP Data Protector is an automated data backup solution. Problem A buffer overflow vulnerability when handling requests with opcode 259 allows remote attackers to execute arbitrary commands. Resolution Apply a patch referenced...

10CVSS7.6AI score0.61043EPSS
Exploits4
Saint
Saint
•added 2013/04/24 12:0 a.m.•55 views

Java Runtime Environment Hotspot final field vulnerability

Added: 04/24/2013 CVE: CVE-2013-2423 BID: 59162 OSVDB: 92348 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...

4.3CVSS4.8AI score0.85333EPSS
Exploits6
Saint
Saint
•added 2012/08/02 12:0 a.m.•55 views

Apache Struts 2 ConversionErrorInterceptor Java Injection

Added: 08/02/2012 CVE: CVE-2012-0391 OSVDB: 78277 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem Struts uses...

9.3CVSS8.8AI score0.75071EPSS
Exploits11
Saint
Saint
•added 2012/05/09 12:0 a.m.•55 views

VideoLAN VLC Media Player MMS URI Stack Overflow

Added: 05/09/2012 CVE: CVE-2012-1775 BID: 53391 OSVDB: 80188 Background VLC media player is a media player supporting various audio and video formats for multiple platforms. Problem VLC Player versions 2.0.0 and lower do not properly validate the hostname when accessing MMS URIs. An overly long...

9.3CVSS6.5AI score0.44621EPSS
Exploits9
Saint
Saint
•added 2011/11/14 12:0 a.m.•55 views

Novell ZENworks LaunchHelp.dll ActiveX Control LaunchProcess Code Execution

Added: 11/14/2011 CVE: CVE-2011-2657 BID: 50274 OSVDB: 76700 Background Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a...

6.8CVSS7.2AI score0.48366EPSS
Exploits10
Total number of security vulnerabilities4305