4305 matches found
Windows Task Scheduler buffer overflow
Added: 09/05/2006 CVE: CVE-2004-0212 BID: 10708 OSVDB: 7798 Background The Windows Task Scheduler is used to schedule commands to run at specified times. Problem A buffer overflow vulnerability in the Task Scheduler could allow command execution when a specially crafted .job file is processed...
Windows compressed folders buffer overflow
Added: 05/15/2006 CVE: CVE-2004-0575 BID: 11382 OSVDB: 10695 Background Microsoft Windows XP and Windows Server 2003 include the ability to natively handle ZIP files. Problem A buffer overflow when handling compressed folders allows command execution when a specially crafted ZIP file is opened by...
TWiki Search.pm shell command injection
Added: 04/06/2006 CVE: CVE-2004-1037 BID: 11674 OSVDB: 11714 Background TWiki is a web-based collaboration platform written in PERL. Problem The Search.pm module does not sufficiently check search strings for illegal characters, allowing remote attackers to execute commands using search strings...
KACE K1000 Remote Code Execution
Added: 04/16/2019 Background KACE Systems Management Appliance manages, secures, and services network-connected devices. Problem A vulnerability in KACE Systems Management Appliance K1000 could allow unauthenticated command execution. Resolution Upgrade to the latest version of your KACE Systems...
Apache Continuum saveInstallation.action command execution
Added: 06/15/2016 Background Apache Continuum is a continuous integration server for Java projects. Problem A remote attacker could execute arbitrary commands by sending a POST request to saveInstallation.action with a specially crafted installation.varValue parameter. Resolution Upgrade to a...
OS X rootpipe privilege elevation
Added: 04/14/2015 CVE: CVE-2015-1130 BID: 73982 OSVDB: 120418 Background OS X is an operating system for Mac computers. Problem The Admin framework in OS X contains a hidden backdoor API which allows local users to gain root privileges. Resolution Upgrade to OS X 10.10.3 or apply security update...
Windows OLE Package Manager CPackage::DoVerb() INF File Download Vulnerability
Added: 10/24/2014 CVE: CVE-2014-4114 BID: 70419 OSVDB: 113140 Background OLE Object Linking and Embedding is a technology that allows applications to share data and functionality, such as the ability to create and edit compound data, i.e., data that contains information in multiple formats. For...
Kolibri WebServer HTTP GET Request Handling Buffer Overflow
Added: 08/07/2014 CVE: CVE-2014-4158 BID: 68195 OSVDB: 108090 Background SENKAS Kolibri Webserver is a free very simple web server for Microsoft Windows that supports serving static web content. Problem Kolibri Webserver is vulnerable to a stack buffer overflow as a result of failure to properly...
Android WebView addJavascriptInterface Arbitrary Java Method Access
Added: 02/11/2014 CVE: CVE-2013-4710 OSVDB: 97520 Background Android is a Linux-based operating system used primarily on touchscreen mobile devices such as smartphones and tablet computers. It was originally developed by Android Inc., but is now owned by Google. WebView is a sub-class of the...
Oracle Java java.awt.image.ByteComponentRaster Overflow
Added: 10/24/2013 CVE: CVE-2013-2473 BID: 60623 OSVDB: 94336 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...
HP LeftHand Virtual SAN Appliance hydra Ping Hostname Overflow
Added: 09/19/2013 CVE: CVE-2012-3285 BID: 57754 OSVDB: 89919 Background HP LeftHand Virtual SAN Appliance VSA software is a VMware certified SAN/storage device and virtual appliance that provides complete SAN functionality for VMware Infrastructure without external SAN hardware. Problem HP LeftHa...
Nagios 3 history.cgi Command Injection
Added: 01/28/2013 CVE: CVE-2012-6096 BID: 56879 OSVDB: 88322 Background Nagios is a network host and service monitoring and management system. Problem The Nagios history.cgi script is vulnerable to a stack overflow when parsing the host parameter. This may allow an attacker to execute arbitrary...
Oracle WebCenter Forms Recognition SSSplitter ActiveX Overwrite
Added: 05/02/2012 CVE: CVE-2012-1710 BID: 53062 OSVDB: 81366 Background Oracle WebCenter Imaging is a combined document management and business process management suite, marketed as a component of the Oracle Fusion Middleware portfolio of products. Oracle Forms Recognition OFR is an intelligent...
Java Runtime Environment MixerSequence Function Pointer Control
Added: 02/28/2012 CVE: CVE-2010-0842 BID: 39077 OSVDB: 63493 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...
Novell ZENworks LaunchHelp.dll ActiveX Control LaunchProcess Code Execution
Added: 11/14/2011 CVE: CVE-2011-2657 BID: 50274 OSVDB: 76700 Background Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a...
7-Technologies Interactive Graphical SCADA System Remote Code Execution
Added: 04/17/2011 CVE: CVE-2011-1567 BID: 46936 Background 7-Technologies Interactive Graphical SCADA System IGSS is a SCADA solution used mainly in Denmark and the US. Problem 7T IGSS server contains multiple stack overflows, a format string vulnerability, a remote command execution vulnerabilit...
Cisco Security Agent Management Center Code Execution
Added: 03/17/2011 CVE: CVE-2011-0364 BID: 65436 OSVDB: 70884 Background Cisco Security Agent Management Center is the server component of Cisco's Security Agent endpoint IPS solution. It is responsible for collecting event log information from endpoints and distributing rules updates. Problem The...
Windows Help and Support Center -FromHCP URL whitelist bypass
Added: 06/15/2010 CVE: CVE-2010-1885 BID: 40725 OSVDB: 65264 Background The Microsoft Windows Help and Support Center is a resource in Microsoft Windows operating systems for online help, support, tools, how-to articles, and other resources. Problem A vulnerability in Windows Help and Support...
Java Runtime Environment Soundbank Resource Name Stack Buffer Overflow
Added: 04/22/2010 CVE: CVE-2010-0839 BID: 39070 OSVDB: 63494 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The JRE Java programming class library contains the Java Sound Application Interface API t...
Sun Java Web Start command-line argument injection
Added: 04/20/2010 CVE: CVE-2010-0886 BID: 39492 OSVDB: 63798 Background Sun Java Web Start allows standalone Java applications, called JNLP files, to be executed by the Java Runtime Environment JRE. Problem A vulnerability in Sun Java Web Start allows execution of arbitrary commands which are...
Microsoft Office Web Components OWC.Spreadsheet.9 HTMLURL property overflow
Added: 08/14/2009 CVE: CVE-2009-1534 BID: 35992 OSVDB: 56916 Background Microsoft Office Web Components OWC are a group of OLE classes implemented as ActiveX controls. Problem A buffer overflow vulnerability in the OWC.Spreadsheet.9 ActiveX control allows command execution when a user loads a web...
Novell GroupWise Internet Agent e-mail address buffer overflow
Added: 06/05/2009 CVE: CVE-2009-1636 BID: 35064 OSVDB: 54645 Background Novell GroupWise is an e-mail and collaboration product suite. Problem A buffer overflow vulnerability allows a remote attacker to execute arbitrary commands by sending a message containing a specially crafted e-mail address ...
Oracle WebLogic Server IIS Connector JSESSIONID buffer overflow
Added: 04/10/2009 CVE: CVE-2008-5457 BID: 33177 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A buffer overflow vulnerability in the WebLogic IIS connector allows remote attackers to execute arbitrary commands by sending a long, special...
Tivoli Storage Manager heap corruption
Added: 03/12/2009 CVE: CVE-2008-4563 BID: 34077 Background IBM Tivoli Storage Manager TSM provides centralized management for automated backup and restoration operations. Problem A heap overflow allows remote attackers to execute arbitrary commands. Resolution Apply the workaround or solution...
Fujitsu SystemcastWizard Lite PXE service buffer overflow
Added: 03/03/2009 CVE: CVE-2009-0270 BID: 33342 OSVDB: 51486 Background SystemcastWizard Lite is support software for the setup of Primequest systems. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted datagram to the...
Adobe Reader JBIG2 image stream buffer overflow
Added: 02/27/2009 CVE: CVE-2009-0658 BID: 33751 OSVDB: 52073 Background Adobe Acrobat is software for creating PDF documents. Adobe Reader is free software for viewing PDF documents. Problem A buffer overflow vulnerability allows command execution when a user opens a PDF file containing a special...
Norton AntiSpam 2004 SymSpamHelper ActiveX control buffer overflow
Added: 12/24/2008 CVE: CVE-2004-0363 BID: 9916 OSVDB: 6249 Background Norton AntiSpam 2004, which is included in Norton Internet Security 2004, is spam filtering software. Problem A buffer overflow vulnerability in the SymSpamHelper ActiveX control symspam.dll allows command execution when a user...
GoodTech SSH Server SFTP buffer overflow
Added: 11/28/2008 CVE: CVE-2008-4726 BID: 31879 OSVDB: 49249 Background GoodTech SSH Server is an SSH Server providing secure remote console, secure file transfer, and secure port forwarding capabilities for Windows platforms. Problem Buffer overflow vulnerabilities in GoodTech SSH Server allow...
Adobe Acrobat and Reader JavaScript buffer overflow
Added: 11/13/2008 CVE: CVE-2007-5659 BID: 27641 OSVDB: 41495 Background Adobe Acrobat is software for creating PDF documents. Adobe Reader is free software for viewing PDF documents. Problem Buffer overflow vulnerabilities in several JavaScript functions allow command execution when a user loads ...
Novell GroupWise Client IMG SRC buffer overflow
Added: 01/15/2008 CVE: CVE-2007-6435 BID: 26875 OSVDB: 40870 Background Novell GroupWise is an e-mail and collaboration product suite. Problem A buffer overflow vulnerability in the GroupWise client allows command execution when a user replies to or forwards a message containing an IMG tag with a...
Samba lsa_io_trans_names buffer overflow
Added: 12/24/2007 CVE: CVE-2007-2446 BID: 24195 OSVDB: 34699 Background Samba is a software package which implements the SMB protocol on a variety of platforms, providing compatibility with Windows systems. Problem A vulnerability in the LSA RPC interface allows a remote attacker to execute...
Lotus Domino IMAP mailbox name buffer overflow
Added: 11/02/2007 CVE: CVE-2007-3510 BID: 26176 OSVDB: 40953 Background IBM Lotus Domino is a messaging and collaboration solution for multiple platforms. Problem A buffer overflow vulnerability in Lotus Domino could allow a remote, authenticated attacker to execute arbitrary commands by sending ...
BrightStor ARCserve Message Engine opnum 0x10d buffer overflow
Added: 10/18/2007 CVE: CVE-2007-5327 BID: 26015 OSVDB: 41369 Background CA ARCserve Bac kup formerly BrightStor ARCserve Backup is a backup and recovery solution. It runs a Message Engine RPC service on port 6504/TCP by default. Problem A buffer overflow in BrightStor ARCserve Backup allows remot...
Microsoft SQL Server Distributed Management Objects buffer overflow
Added: 10/11/2007 CVE: CVE-2007-4814 BID: 25594 OSVDB: 38399 Background Microsoft SQL Server includes a Distributed Management Object model which offers a modern, object-oriented alternative to using stored procedures. The Distributed Management Object model is implemented by the sqldmo.dll Activ...
ClamAV milter popen command injection
Added: 09/06/2007 CVE: CVE-2007-4560 BID: 25439 OSVDB: 36909 Background ClamAV is an open-source anti-virus toolkit. clamav-milter is a derivative of ClamAV for e-mail servers running Sendmail. Problem An insecure call to the popen function in clamav-milter, when running in black hole mode, allow...
Sun Java System Web Proxy sockd buffer overflow
Added: 05/30/2007 CVE: CVE-2007-2881 BID: 24165 OSVDB: 35841 Background The Sun Java System Web Proxy Server formerly Sun ONE Web Proxy Server provides content filtering and caching capabilities. It is a companion product to the Sun Java System Web Server. Problem A buffer overflow vulnerability ...
Trend Micro ServerProtect ENG_SendEMail buffer overflow
Added: 03/02/2007 CVE: CVE-2007-1070 BID: 22639 OSVDB: 33042 Background Trend Micro ServerProtect is a virus scanner for servers. Problem A buffer overflow vulnerability in the ENGSendEMail function allows remote attackers to execute arbitrary commands by sending a specially crafted RPC request...
BrightStor ARCserve discovery service ASBRDCST.DLL buffer overflow
Added: 10/19/2006 CVE: CVE-2006-5143 BID: 20365 OSVDB: 29534 Background The BrightStor ARCserve Backup server includes a discovery service which listens on ports 41523/TCP and 41524/UDP. Problem A buffer overflow vulnerability in the ASBRDCST.DLL library allows remote attackers to execute arbitra...
Microsoft Message Queuing buffer overflow
Added: 10/06/2006 CVE: CVE-2005-0059 BID: 13112 OSVDB: 15458 Background Microsoft Message Queuing allows applications which may be running at different times to communicate across a network. Problem A buffer overflow in Microsoft Message Queuing allows remote attackers to execute arbitrary...
Windows Task Scheduler buffer overflow
Added: 09/05/2006 CVE: CVE-2004-0212 BID: 10708 OSVDB: 7798 Background The Windows Task Scheduler is used to schedule commands to run at specified times. Problem A buffer overflow vulnerability in the Task Scheduler could allow command execution when a specially crafted .job file is processed...
Windows Server Service buffer overflow
Added: 08/11/2006 CVE: CVE-2006-3439 BID: 19409 OSVDB: 27845 Background The Windows Server Service supports file, print, and named-pipe sharing over the network. Problem A buffer overflow vulnerability in the Windows Server Service allows remote attackers to execute arbitrary commands. Resolution...
BrightStor ARCserve Universal Agent buffer overflow
Added: 08/07/2006 CVE: CVE-2005-1018 BID: 13102 OSVDB: 15471 Background The BrightStor ARCserve Backup family of products includes a Universal Agent which listens for connections on port 6050/TCP. Problem A buffer overflow in the Universal Agent allows remote attackers to execute arbitrary comman...
Lotus Notes HTML Speed Reader URL buffer overflow
Added: 02/17/2006 CVE: CVE-2005-2618 BID: 16576 OSVDB: 23068 Background Lotus Notes is the client for Lotus Domino servers. Problem A buffer overflow in the HTML Speed Reader component of the Lotus Notes e-mail client allows command execution by a specially crafted e-mail message containing a lon...
QuickTime JPEG buffer overflow
Added: 01/24/2006 CVE: CVE-2005-2340 BID: 16212 OSVDB: 22335 Background QuickTime is a media player for Windows and Mac OS platforms. Problem A buffer overflow in QuickTime allows command execution when a user opens a specially crafted JPEG file. Resolution Upgrade to QuickTime 7.0.4 or higher...
Internet Explorer inline content filename extension vulnerability
Added: 11/25/2005 CVE: CVE-2001-0727 BID: 3578 OSVDB: 3033 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Using a null byte %00 in the filename field found in the Content-disposition header, a remote web server may be able to...
WebEx browser extension command execution
Added: 01/26/2017 CVE: CVE-2017-3823 BID: 95737 Background Cisco WebEx is an online meeting solution. Extensions are available for all major web browsers, which enable users to join meetings from their browser. Problem A vulnerability in the WebEx browser extensions allows command execution when ...
Ubuntu overlayfs privilege elevation
Added: 06/26/2015 CVE: CVE-2015-1328 BID: 75206 Background Overlayfs is a type of file system for Linux which implements a union mount. Problem In Ubuntu, overlayfs fails to correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an...
Linux kernel __sock_diag_rcv_msg Netlink message privilege elevation
Added: 05/13/2014 CVE: CVE-2013-1763 BID: 58137 OSVDB: 90604 Background Netlink is a feature of the Linux kernel which allows communication between kernel and user space. Problem An array index error in the sockdiagrcvmsg function in the Linux kernel allows local users to gain root privileges by...
RealPlayer RMP File Version Attribute Buffer Overflow
Added: 12/27/2013 CVE: CVE-2013-6877 BID: 64398 OSVDB: 101356 Background RealNetworks RealPlayer includes an embedded player which plays media embedded in a web page. Problem RealNetworks Windows RealPlayer 17.0.2.206 and earlier versions are vulnerable to remote code execution due to improper...
Oracle Java java.awt.image.ByteComponentRaster Overflow
Added: 10/24/2013 CVE: CVE-2013-2473 BID: 60623 OSVDB: 94336 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...