Lucene search
K
SaintMost viewed

4305 matches found

Saint
Saint
•added 2009/03/10 12:0 a.m.•54 views

Citect SCADA ODBC Service Overflow

Added: 03/10/2009 CVE: CVE-2008-2639 BID: 29634 OSVDB: 46105 Background The CitectSCADA and CitectFacilities applications include ODBC server capabilities to provide remote SQL access to a relational database. The ODBC Server component listens on port 20222/tcp by default. Problem A buffer overfl...

7.6CVSS7.7AI score0.77717EPSS
Exploits12
Saint
Saint
•added 2009/01/08 12:0 a.m.•54 views

Microsoft Works WkImgSrv.dll ActiveX Control WksPictureInterface vulnerability

Added: 01/08/2009 CVE: CVE-2008-1898 BID: 28820 OSVDB: 44458 Background Microsoft Works is a suite of productivity tools for home users. Problem The WkImgSrv.dll ActiveX control included in Microsoft Works allows command execution when a user loads a web page which instantiates the control with a...

9.3CVSS6.2AI score0.52033EPSS
Exploits7
Saint
Saint
•added 2008/07/25 12:0 a.m.•54 views

Oracle WebLogic Server Apache Connector POST buffer overflow

Added: 07/25/2008 CVE: CVE-2008-3257 BID: 30273 OSVDB: 47096 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A buffer overflow in the Apache Connector for WebLogic Server allows remote attackers to execute arbitrary commands by sending a...

10CVSS7.8AI score0.83589EPSS
Exploits9
Saint
Saint
•added 2008/05/19 12:0 a.m.•54 views

Facebook PhotoUploader ActiveX control ExtractIptc buffer overflow

Added: 05/19/2008 CVE: CVE-2008-0660 BID: 27576 OSVDB: 41073 Background Facebook PhotoUploader is an ActiveX control which allows uploading of photos to the Facebook web site. It uses the Aurigma ImageUploader product. Problem A buffer overflow vulnerability in Facebook PhotoUploader allows comma...

9.3CVSS7AI score0.37762EPSS
Exploits5
Saint
Saint
•added 2007/11/09 12:0 a.m.•54 views

EMC NetWorker Remote Exec service subcmd buffer overflow

Added: 11/09/2007 CVE: CVE-2007-3618 BID: 25375 OSVDB: 39744 Background EMC NetWorker is a centralized data backup solution. Problem A buffer overflow vulnerability in the Remote Exec service nsrexecd.exe allows remote attackers to execute arbitrary commands by sending a long, invalid subcmd to a...

9.3CVSS7.8AI score0.07103EPSS
Exploits5
Saint
Saint
•added 2007/09/06 12:0 a.m.•54 views

ClamAV milter popen command injection

Added: 09/06/2007 CVE: CVE-2007-4560 BID: 25439 OSVDB: 36909 Background ClamAV is an open-source anti-virus toolkit. clamav-milter is a derivative of ClamAV for e-mail servers running Sendmail. Problem An insecure call to the popen function in clamav-milter, when running in black hole mode, allow...

7.6CVSS9.5AI score0.83539EPSS
Exploits12
Saint
Saint
•added 2007/05/16 12:0 a.m.•54 views

Trend Micro ServerProtect EarthAgent RPC buffer overflow

Added: 05/16/2007 CVE: CVE-2007-2508 BID: 23866 OSVDB: 35789 Background Trend Micro ServerProtect is a virus scanner for servers. It includes the EarthAgent daemon which listens for connections on port 3628/TCP. Problem A buffer overflow vulnerability in the EarthAgent daemon allows remote...

10CVSS7.7AI score0.77194EPSS
Exploits18
Saint
Saint
•added 2006/11/27 12:0 a.m.•54 views

Windows Workstation service NetpManageIPCConnect buffer overflow

Added: 11/27/2006 CVE: CVE-2006-4691 BID: 20985 OSVDB: 30263 Background The Windows Workstation service routes network requests for file or printer resources. Problem A buffer overflow in the NetpManageIPCConnect function in the Windows Workstation service allows command execution when a domain...

10CVSS6.8AI score0.80214EPSS
Exploits8
Saint
Saint
•added 2006/07/18 12:0 a.m.•54 views

ntdll.dll buffer overflow via IIS 5.0 WebDAV

Added: 07/18/2006 CVE: CVE-2003-0109 BID: 7116 OSVDB: 4467 Background The dynamic link library ntdll.dll is a core component of the Windows operating system. It is used by many operating system components including the WebDAV component of Microsoft IIS. Problem A buffer overflow in ntdll.dll allo...

7.5CVSS7.7AI score0.86396EPSS
Exploits13
Saint
Saint
•added 2006/03/16 12:0 a.m.•54 views

Internet Explorer isComponentInstalled buffer overflow

Added: 03/16/2006 CVE: CVE-2006-1016 BID: 16870 OSVDB: 31647 Background The isComponentInstalled method allows scripts to determine which components are installed. Problem Internet Explorer is affected by a buffer overflow in the isComponentInstalled method which can lead to remote command...

7.5CVSS7.1AI score0.66674EPSS
Exploits8
Saint
Saint
•added 2021/10/21 12:0 a.m.•53 views

Apache HTTP Server path traversal

Added: 10/21/2021 Background Apache HTTP Server is an HTTP server implementation for Linux and Windows. Problem A path traversal vulnerability allows remote attackers to execute arbitrary commands in certain configurations if CGI scripts are enabled. Resolution Upgrade to Apache HTTP Server 2.4.5...

8.2AI score
Exploits0
Saint
Saint
•added 2019/01/18 12:0 a.m.•53 views

Horde Imp Unauthenticated Remote Command Execution

Added: 01/18/2019 BID: 106018 Background The IMP is a web-based mail client for IMAP and POP3 accounts. It is built atop the Horde Application Framework, which is a general-purpose web application library written in PHP. Problem A vulnerability in Horde IMP could allow unauthenticated command...

7.7AI score
Exploits0
Saint
Saint
•added 2016/05/31 12:0 a.m.•53 views

HP Data Protector missing authentication

Added: 05/31/2016 CVE: CVE-2016-2004 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem Data Protector does not authenticate users, even with Encrypted Control Communications enabled. This could allow an unauthenticated remote...

9.8CVSS9.7AI score0.94297EPSS
Exploits14
Saint
Saint
•added 2016/03/14 12:0 a.m.•53 views

Schneider Electric StruxureWare Building Operation Automation Server msh bypass

Added: 03/14/2016 CVE: CVE-2016-2278 Background The Schneider Electric StruxureWare Building Operation software suite provides integrated monitoring, control, and management of energy, HVAC, lighting and fire safety. The Automation Server is a building automation system for small and medium-sized...

9CVSS7.3AI score0.13426EPSS
Exploits7
Saint
Saint
•added 2014/05/13 12:0 a.m.•53 views

Linux kernel __sock_diag_rcv_msg Netlink message privilege elevation

Added: 05/13/2014 CVE: CVE-2013-1763 BID: 58137 OSVDB: 90604 Background Netlink is a feature of the Linux kernel which allows communication between kernel and user space. Problem An array index error in the sockdiagrcvmsg function in the Linux kernel allows local users to gain root privileges by...

7.2CVSS8.2AI score0.0418EPSS
Exploits12
Saint
Saint
•added 2014/01/28 12:0 a.m.•53 views

HP Data Protector Backup Client Service opcode 42 directory traversal

Added: 01/28/2014 CVE: CVE-2013-6194 BID: 64647 OSVDB: 101630 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem A vulnerability in the Backup Client Service OmniInet.exe allows remote, unauthenticated attackers to write files t...

10CVSS7.4AI score0.65924EPSS
Exploits10
Saint
Saint
•added 2013/11/25 12:0 a.m.•53 views

PineApp Mail-SeCure confnetworking.html nsserver command execution

Added: 11/25/2013 CVE: CVE-2013-6830 BID: 63817 OSVDB: 100029 Background PineApp Mail-SeCure is an e-mail security appliance which provides perimeter security protection to stop threats prior to their penetration of the customer's network, as well as post-perimeter anti-spam content inspection...

7.5CVSS7.5AI score0.08929EPSS
Exploits5
Saint
Saint
•added 2013/09/09 12:0 a.m.•54 views

HP System Management Homepage iprange Parameter Stack Buffer Overflow

Added: 09/09/2013 CVE: CVE-2013-2362 BID: 61337 OSVDB: 95489 Background HP System Management Homepage SMH is a web-based interface that consolidates the management of ProLiant and Integrity servers. Problem A stack buffer overflow vulnerability in HP SMH allows command execution when an attacker...

2.1CVSS9.8AI score0.00527EPSS
Exploits4
Saint
Saint
•added 2013/06/03 12:0 a.m.•53 views

Internet Explorer VML Dashstyle Attributes Integer Overflow

Added: 06/03/2013 CVE: CVE-2013-2551 BID: 58570 OSVDB: 91197 Background Vector Markup Language VML is an XML-based format for vector graphics. Problem An integer overflow vulnerability in vml.dll when processing dashstyle attributes of certain VML elements in a web page allows arbitrary command...

9.3CVSS8.5AI score0.74096EPSS
Exploits9
Saint
Saint
•added 2013/05/06 12:0 a.m.•53 views

3S Smart Software Solutions CoDeSys Gateway Server Directory Traversal

Added: 05/06/2013 CVE: CVE-2012-4705 BID: 59446 OSVDB: 90368 Background Smart Software Solutions GmbH 3S manufactures CoDeSys Gateway Server, a Supervisory Control and Data Acquisition/Human-Machine Interface SCADA/HMI product. The Gateway Server listens on TCP port 1211. Problem 3S CoDeSys Gatew...

10CVSS7.3AI score0.65668EPSS
Exploits9
Saint
Saint
•added 2013/02/04 12:0 a.m.•53 views

Adobe InDesign Server SOAP interface RunScript command execution

Added: 02/04/2013 BID: 56574 OSVDB: 87548 Background Adobe InDesign is a desktop publishing application. It includes a server interface providing an API for software developers using SOAP. Problem The SOAP interface in Adobe InDesign Server allows remote, unauthenticated attackers to run arbitrar...

7.8AI score
Exploits0
Saint
Saint
•added 2012/11/26 12:0 a.m.•53 views

Webmin show.cgi Open Function Call Command Execution

Added: 11/26/2012 CVE: CVE-2012-2982 BID: 55446 OSVDB: 85248 Background Webmin is a web-based interface for system administration of Unix systems. The Webmin web server listens by default on port 10000/tcp. Problem Webmin 1.59 and earlier are vulnerable to remote code execution as a result of...

6.5CVSS7.2AI score0.61925EPSS
Exploits10
Saint
Saint
•added 2012/09/19 12:0 a.m.•53 views

Internet Explorer CMshtmlEd execCommand Use After Free

Added: 09/19/2012 CVE: CVE-2012-4969 BID: 55562 OSVDB: 85532 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Internet Explorer does not properly clean up references to objects passed to the execCommand Javascript method. If...

9.3CVSS8.2AI score0.81716EPSS
Exploits8
Saint
Saint
•added 2012/02/09 12:0 a.m.•53 views

Adobe Flash Player MP4 Sequence Parameter Set Processing

Added: 02/09/2012 CVE: CVE-2011-2140 BID: 49083 OSVDB: 74439 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem The Adobe Flash Player Sub1005B396 function allows command execution when a user opens a specially crafted .swf file...

10CVSS8.9AI score0.82258EPSS
Exploits15
Saint
Saint
•added 2011/12/21 12:0 a.m.•53 views

Adobe Reader U3D Heap Overflow

Added: 12/21/2011 CVE: CVE-2011-2462 BID: 50922 OSVDB: 77529 Background Adobe Reader is free software for viewing PDF documents. Problem A heap memory corruption vulnerability exists in Adobe Acrobat Reader. The vulnerability is due to an input validation error while parsing Universal 3D U3D file...

10CVSS9.9AI score0.86238EPSS
Exploits16
Saint
Saint
•added 2011/12/02 12:0 a.m.•53 views

Oracle Java Rhino Script Engine Code Execution

Added: 12/02/2011 CVE: CVE-2011-3544 BID: 50218 OSVDB: 76500 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Java...

10CVSS10AI score0.96714EPSS
Exploits13
Saint
Saint
•added 2011/10/24 12:0 a.m.•53 views

Apple Safari libxslt File Create

Added: 10/24/2011 CVE: CVE-2011-1774 BID: 48840 OSVDB: 74017 Background Safari is a web browser for Mac OS X and Windows. Problem Safari versions prior to 5.0.6 use unsafe security settings when implementing libxslt. An attacker may leverage this weakness by creating a web page that references a...

8.8CVSS6.8AI score0.43195EPSS
Exploits11
Saint
Saint
•added 2011/08/01 12:0 a.m.•53 views

Oracle Warehouse Builder SQL Injection

Added: 08/01/2011 CVE: CVE-2011-0799 BID: 47431 OSVDB: 71956 Background Oracle Warehouse Builder OWB is an ETL tool produced by Oracle that offers a graphical environment to build, manage and maintain data integration processes in business intelligence systems. Problem A SQL injection vulnerabili...

6.5CVSS6.9AI score0.01735EPSS
Exploits4
Saint
Saint
•added 2011/08/01 12:0 a.m.•53 views

Oracle Warehouse Builder SQL Injection

Added: 08/01/2011 CVE: CVE-2011-0799 BID: 47431 OSVDB: 71956 Background Oracle Warehouse Builder OWB is an ETL tool produced by Oracle that offers a graphical environment to build, manage and maintain data integration processes in business intelligence systems. Problem A SQL injection vulnerabili...

6.5CVSS6.9AI score0.01735EPSS
Exploits4
Saint
Saint
•added 2011/06/27 12:0 a.m.•53 views

VideoLAN VLC Media Player MKV Demuxer Code Execution

Added: 06/27/2011 CVE: CVE-2011-0531 BID: 46060 OSVDB: 70698 Background VLC media player is a media player supporting various audio and video formats for multiple platforms. Problem VideoLan VLC 1.1.6.1 and earlier are vulnerable to a remote code execution vulnerability as a result of insufficien...

9.3CVSS6.7AI score0.41582EPSS
Exploits7
Saint
Saint
•added 2011/06/14 12:0 a.m.•53 views

Quest Big Brother Remote File Overwrite

Added: 06/14/2011 BID: 47805 OSVDB: 72347 Background Quest Big Brother is server monitoring package. Problem The 'bbntd.exe' service of the Big Brother server version 4.40 and prior does not properly sanitize user requests and may allow an attacker to upload files using a directory traversal...

1.4AI score
Exploits0
Saint
Saint
•added 2011/02/22 12:0 a.m.•53 views

HP Universal CMDB Server Axis2 default password

Added: 02/22/2011 CVE: CVE-2010-0219 BID: 45625 OSVDB: 70233 Background HP Universal CMDB Server 9.0 is a modular management system that consists of a rich business-service-oriented data model with built-in discovery of configuration items CIs and configuration item dependencies, visualization an...

10CVSS8.2AI score0.89871EPSS
Exploits17
Saint
Saint
•added 2010/12/06 12:0 a.m.•53 views

Oracle Secure Backup Administration preauth variable command injection

Added: 12/06/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A vulnerability in the Administration server allows remote, authenticated attackers to execute arbitrary commands which are...

9CVSS6.9AI score0.02243EPSS
Exploits12
Saint
Saint
•added 2010/11/26 12:0 a.m.•53 views

Oracle Virtual Server Agent Command Injection

Added: 11/26/2010 CVE: CVE-2010-3582 BID: 44031 Background Oracle VM software provides virtualization technology that allows running multiple instances of x86 virtual computers simultaneously within the host operating system. It supports many Oracle and non-Oracle based systems such as Windows,...

9CVSS7.2AI score0.02381EPSS
Exploits4
Saint
Saint
•added 2010/11/16 12:0 a.m.•53 views

Adobe Flash Player Flash Content Parsing Code Execution

Added: 11/16/2010 CVE: CVE-2010-3654 BID: 44504 OSVDB: 68932 Background Adobe Reader is free software for viewing PDF documents. Problem Adobe Reader 9.x is vulnerable to a remote code execution vulnerability as a result of parsing flash content by the bundled Adobe Flash Player. Resolution Apply...

9.3CVSS8AI score0.69679EPSS
Exploits14
Saint
Saint
•added 2010/02/26 12:0 a.m.•53 views

Oracle Database DBMS_JVM_EXP_PERMS IMPORT_JVM_PERMS privilege elevation

Added: 02/26/2010 BID: 38115 OSVDB: 62184 Background Oracle Database embeds a Java runtime environment called OracleJVM. The DBMSJVMEXPPERMS package is included in Oracle Database and is used for importing and exporting Java permissions between database servers. Problem A privilege elevation...

1.8AI score
Exploits0
Saint
Saint
•added 2010/01/12 12:0 a.m.•53 views

Novell iPrint Client ienipp.ocx target-frame buffer overflow

Added: 01/12/2010 CVE: CVE-2009-1568 BID: 37242 OSVDB: 60803 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named ienipp.ocx. Problem A buffer overflow in ienipp.ocx allows command...

9.3CVSS6.9AI score0.32168EPSS
Exploits9
Saint
Saint
•added 2009/06/16 12:0 a.m.•53 views

Windows Print Spooler EnumeratePrintShares buffer overflow

Added: 06/16/2009 CVE: CVE-2009-0228 BID: 35206 Background The Windows Print Spooler manages the printing process on Windows operating systems. Problem A buffer overflow vulnerability in the EnumeratePrintShares function in the Windows Print Spooler service allows arbitrary command execution when...

10CVSS6.9AI score0.20501EPSS
Exploits6
Saint
Saint
•added 2009/03/12 12:0 a.m.•53 views

Tivoli Storage Manager heap corruption

Added: 03/12/2009 CVE: CVE-2008-4563 BID: 34077 Background IBM Tivoli Storage Manager TSM provides centralized management for automated backup and restoration operations. Problem A heap overflow allows remote attackers to execute arbitrary commands. Resolution Apply the workaround or solution...

10CVSS7.6AI score0.28987EPSS
Exploits5
Saint
Saint
•added 2009/02/26 12:0 a.m.•53 views

Java Runtime Environment JAR manifest Main Class buffer overflow

Added: 02/26/2009 CVE: CVE-2008-5354 BID: 32608 OSVDB: 50499 Background Java Runtime Environment JRE allows end users to run Java applications. Problem A buffer overflow vulnerability in JRE allows command execution when a user opens a JAR archive containing a manifest file with a specially craft...

9.3CVSS7.9AI score0.04798EPSS
Exploits5
Saint
Saint
•added 2008/05/08 12:0 a.m.•53 views

Adobe Photoshop Album Starter Edition BMP image header buffer overflow

Added: 05/08/2008 CVE: CVE-2008-1765 BID: 28874 OSVDB: 44579 Background Adobe Photoshop Album Starter Edition is free software for editing and sharing photos. Problem A buffer overflow vulnerability in Adobe Photoshop Album Starter Edition allows command execution when a user opens a BMP image fi...

9.3CVSS7.1AI score0.19962EPSS
Exploits6
Saint
Saint
•added 2008/05/08 12:0 a.m.•53 views

Adobe Photoshop Album Starter Edition BMP image header buffer overflow

Added: 05/08/2008 CVE: CVE-2008-1765 BID: 28874 OSVDB: 44579 Background Adobe Photoshop Album Starter Edition is free software for editing and sharing photos. Problem A buffer overflow vulnerability in Adobe Photoshop Album Starter Edition allows command execution when a user opens a BMP image fi...

9.3CVSS7.1AI score0.19962EPSS
Exploits6
Saint
Saint
•added 2008/04/09 12:0 a.m.•53 views

Windows GDI EMF filename buffer overflow

Added: 04/09/2008 CVE: CVE-2008-1087 BID: 28570 OSVDB: 44215 Background The Windows Graphics Device Interface GDI interacts with graphics device drivers on behalf of applications. Problem A buffer overflow in Windows GDI allows command execution when a user opens a specially crafted EMF file...

9.3CVSS8.3AI score0.56603EPSS
Exploits5
Saint
Saint
•added 2008/04/09 12:0 a.m.•53 views

Windows GDI EMF filename buffer overflow

Added: 04/09/2008 CVE: CVE-2008-1087 BID: 28570 OSVDB: 44215 Background The Windows Graphics Device Interface GDI interacts with graphics device drivers on behalf of applications. Problem A buffer overflow in Windows GDI allows command execution when a user opens a specially crafted EMF file...

9.3CVSS8.3AI score0.56603EPSS
Exploits5
Saint
Saint
•added 2008/04/04 12:0 a.m.•53 views

Microsoft Office Drawing Shapes memory corruption vulnerability

Added: 04/04/2008 CVE: CVE-2008-0118 BID: 28146 OSVDB: 42709 Background Microsoft Office is a package which provides word processing, spreadsheet, presentation, e-mail, and calendaring capabilities for Microsoft Windows workstations. Problem A memory corruption vulnerability allows command...

9.3CVSS9.6AI score0.34842EPSS
Exploits5
Saint
Saint
•added 2007/12/07 12:0 a.m.•53 views

Lotus Notes Lotus 1-2-3 file viewer buffer overflow

Added: 12/07/2007 CVE: CVE-2007-6593 BID: 26604 OSVDB: 40796 Background Lotus Notes is the client for Lotus Domino servers. Lotus Notes uses the Autonomy KeyView library to process files in the Lotus Worksheet File format WKS used by Lotus 1-2-3. Problem A buffer overflow vulnerability in the...

8.8CVSS6.8AI score0.06301EPSS
Exploits4
Saint
Saint
•added 2007/09/11 12:0 a.m.•53 views

Microsoft Agent crafted URL vulnerability

Added: 09/11/2007 CVE: CVE-2007-3040 BID: 25566 OSVDB: 36934 Background Microsoft Agent is a component of the Windows operating system designed to make using a computer easier through enriched user interaction. Problem A vulnerability in Microsoft Agent allows command execution when a user loads ...

9.3CVSS6.4AI score0.57217EPSS
Exploits6
Saint
Saint
•added 2007/02/16 12:0 a.m.•53 views

Solaris telnetd authentication bypass

Added: 02/16/2007 CVE: CVE-2007-0882 BID: 22512 OSVDB: 31881 Background The Telnet service allows remote users to authenticate to a system and use an interactive command shell. The Telnet service is implemented by the Telnet daemon, telnetd. Problem The telnetd program in Solaris 10 and 11...

10CVSS7.5AI score0.97848EPSS
Exploits13
Saint
Saint
•added 2006/09/05 12:0 a.m.•53 views

Windows Task Scheduler buffer overflow

Added: 09/05/2006 CVE: CVE-2004-0212 BID: 10708 OSVDB: 7798 Background The Windows Task Scheduler is used to schedule commands to run at specified times. Problem A buffer overflow vulnerability in the Task Scheduler could allow command execution when a specially crafted .job file is processed...

10CVSS7.1AI score0.66952EPSS
Exploits4
Saint
Saint
•added 2006/05/15 12:0 a.m.•53 views

Windows compressed folders buffer overflow

Added: 05/15/2006 CVE: CVE-2004-0575 BID: 11382 OSVDB: 10695 Background Microsoft Windows XP and Windows Server 2003 include the ability to natively handle ZIP files. Problem A buffer overflow when handling compressed folders allows command execution when a specially crafted ZIP file is opened by...

10CVSS6.8AI score0.603EPSS
Exploits4
Total number of security vulnerabilities4305