Lucene search
K
SaintMost viewed

4305 matches found

Saint
Saint
•added 2017/12/14 12:0 a.m.•48 views

HP Intelligent Management Center dbman opcode 10008 command injection

Added: 12/14/2017 CVE: CVE-2017-5816 BID: 98469 Background HP Intelligent Management Center IMC, also known as HP iNode Management Center, is a comprehensive management platform for delivering integrated, modular network management capabilities. Problem A remote, unauthenticated attacker could...

10CVSS8.2AI score0.86466EPSS
Exploits13
Saint
Saint
•added 2014/09/02 12:0 a.m.•48 views

F5 rsync daemon ConfigSync interface cmi module vulnerability

Added: 09/02/2014 CVE: CVE-2014-2927 BID: 69461 OSVDB: 110595 Background F5 BIG-IP is a suite of security, availability and acceleration products. Problem When configured to support failover, multiple BIG-IP products are vulnerable to an unauthenticated rsync access vulnerability that can be...

9.3CVSS7.4AI score0.0792EPSS
Exploits5
Saint
Saint
•added 2014/04/17 12:0 a.m.•48 views

Internet Explorer CMarkup Object Handling Use-after-free Vulnerability

Added: 04/17/2014 CVE: CVE-2014-0322 BID: 65551 OSVDB: 103354 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Microsoft Internet Explorer 9 and 10 contain a use-after-free vulnerability in the CMarkup component of the MSHTML...

9.3CVSS9.1AI score0.85239EPSS
Exploits23
Saint
Saint
•added 2013/08/30 12:0 a.m.•48 views

Oracle Java Runtime Environment AWT storeImageArray Vulnerability

Added: 08/30/2013 CVE: CVE-2013-2465 BID: 60657 OSVDB: 94339 Background Java Runtime Environment JRE allows end users to run Java applications. Problem A buffer overflow vulnerability in the storeImageArray function of the Abstract Window Toolkit AWT library awt.dll allows command execution when ...

10CVSS8.3AI score0.98704EPSS
Exploits10
Saint
Saint
•added 2013/08/19 12:0 a.m.•48 views

Oracle WebCenter Content CheckOutAndOpen.dll ActiveX Control Vulnerability

Added: 08/19/2013 CVE: CVE-2013-1559 BID: 59122 OSVDB: 92386 Background Oracle WebCenter Content is an open platform that allows users to create a vast range of content management applications. It consolidates unstructured content from across diverse systems so it can be centrally managed and the...

4CVSS6.6AI score0.58817EPSS
Exploits9
Saint
Saint
•added 2013/07/09 12:0 a.m.•48 views

HP Data Protector opcode 259 buffer overflow

Added: 07/09/2013 CVE: CVE-2013-2329 BID: 60304 OSVDB: 93863 Background HP Data Protector is an automated data backup solution. Problem A buffer overflow vulnerability when handling requests with opcode 259 allows remote attackers to execute arbitrary commands. Resolution Apply a patch referenced...

10CVSS7.5AI score0.61043EPSS
Exploits4
Saint
Saint
•added 2013/01/25 12:0 a.m.•48 views

rsh Excessive Trust Vulnerability

Added: 01/25/2013 CVE: CVE-1999-0515 Background The rsh service allows remote users, using an rsh client, to execute individual shell commands on an rsh server without the need for a password. The rsh process uses the .rhosts file to list trusted hosts those machines allowed to use the service...

10CVSS7.9AI score0.04635EPSS
Exploits4
Saint
Saint
•added 2012/10/22 12:0 a.m.•48 views

HP SiteScope SOAP Call APIPreferenceImpl Security Bypass

Added: 10/22/2012 CVE: CVE-2012-3261 BID: 55269 OSVDB: 85796 Background HP SiteScope is an agentless software application used to monitor the availability and performance of distributed IT infrastructures including servers, operating systems, network and Internet services, applications and...

10CVSS7.1AI score0.40225EPSS
Exploits5
Saint
Saint
•added 2012/03/26 12:0 a.m.•48 views

Apache Struts 2 ParametersInterceptor OGNL Command Injection

Added: 03/26/2012 CVE: CVE-2011-3923 BID: 51628 OSVDB: 78109 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem...

9.8CVSS9.7AI score0.88829EPSS
Exploits16
Saint
Saint
•added 2012/03/26 12:0 a.m.•48 views

Apache Struts 2 ParametersInterceptor OGNL Command Injection

Added: 03/26/2012 CVE: CVE-2011-3923 BID: 51628 OSVDB: 78109 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem...

9.7AI score0.88829EPSS
Exploits16
Saint
Saint
•added 2012/03/02 12:0 a.m.•48 views

Java Web Start initial heap size command injection

Added: 03/02/2012 CVE: CVE-2012-0500 BID: 52015 OSVDB: 79227 Background Sun Java Web Start allows standalone Java applications, called JNLP files, to be executed by the Java Runtime Environment JRE. Problem A vulnerability in Java Web Start allows arbitrary command-line argument injection through...

10CVSS9.4AI score0.58974EPSS
Exploits17
Saint
Saint
•added 2012/02/03 12:0 a.m.•48 views

Oracle Outside In Library OOXML Overflow

Added: 02/03/2012 CVE: CVE-2012-0110 BID: 51452 OSVDB: 78411 Background Oracle Outside In is a a suite of software development kits that allows developers with a comprehensive solution to access, transform, and control the contents of over 500 unstructured file formats. Problem Outside In version...

4.4CVSS6.2AI score0.00356EPSS
Exploits4
Saint
Saint
•added 2012/01/16 12:0 a.m.•48 views

Trend Micro Control Manager AddTask buffer overflow

Added: 01/16/2012 CVE: CVE-2011-5001 BID: 50965 OSVDB: 77585 Background Trend Micro Control Manager streamlines administration of Trend Micro security solutions. Problem A buffer overflow vulnerability in the AddTask function allows remote attackers to execute arbitrary code by sending a speciall...

10CVSS7.9AI score0.64742EPSS
Exploits9
Saint
Saint
•added 2012/01/12 12:0 a.m.•48 views

Microsoft PowerPoint Floating Point Techno-color Time Bandit vulnerability

Added: 01/12/2012 CVE: CVE-2011-0655 BID: 47252 OSVDB: 71771 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem The vulnerability is caused when PowerPoint reads an invalid record in a specially crafted PowerPoint file. A remote attack...

9.3CVSS6.6AI score0.22593EPSS
Exploits5
Saint
Saint
•added 2011/12/12 12:0 a.m.•48 views

Iron Mountain Connected Backup Opcode 13 Processing Command Injection

Added: 12/12/2011 CVE: CVE-2011-2397 BID: 50884 OSVDB: 77495 Background Iron Mountain Connected Backup is a solution for automatic online backup and recovery for Microsoft Windows and Mac OS X. An agent is installed on each computer that is to be backed up. The agent listens by default on TCP por...

10CVSS7.4AI score0.05521EPSS
Exploits4
Saint
Saint
•added 2011/11/25 12:0 a.m.•48 views

Wireshark Lua Untrusted Search Path vulnerability

Added: 11/25/2011 CVE: CVE-2011-3360 BID: 49528 OSVDB: 75347 Background Wireshark is a network packet analyzer. Problem A vulnerability in Wireshark allows execution of arbitrary Lua scripts placed in untrusted directories which are included in Wireshark's search path. Resolution Upgrade to...

9.3CVSS7.5AI score0.35528EPSS
Exploits9
Saint
Saint
•added 2011/08/16 12:0 a.m.•48 views

Internet Explorer Telnet URI Insecure Loading

Added: 08/16/2011 CVE: CVE-2011-1961 BID: 49027 OSVDB: 74494 Background A Uniform Resource Identifier URI allows a user to identify a name or a resource on the Internet while specifying the delivery protocol. Problem Unpatched versions of Internet Explorer versions 6 through 9 do not specify the...

9.3CVSS6.1AI score0.3434EPSS
Exploits5
Saint
Saint
•added 2011/07/18 12:0 a.m.•48 views

HP OpenView Storage Data Protector Opcode 27 Stack Buffer Overflow

Added: 07/18/2011 CVE: CVE-2011-1865 BID: 48486 OSVDB: 73571 Background HP Data Protector is a backup solution for enterprise and distributed environments. The Data Protector environment consists of a Cell Manager, backup agents, and backup device servers. The OmniInet process omniinet.exe is...

10CVSS7.7AI score0.88948EPSS
Exploits18
Saint
Saint
•added 2011/06/15 12:0 a.m.•48 views

Microsoft Excel Data Validation Record Parsing Overflow

Added: 06/15/2011 CVE: CVE-2011-0105 BID: 47256 OSVDB: 71765 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem Microsoft Excel 2002 versions lacking the patch detailed in Microsoft Security Advisory...

9.3CVSS6.9AI score0.71129EPSS
Exploits10
Saint
Saint
•added 2011/05/26 12:0 a.m.•48 views

VLC Media Player Libmodplug CSoundFile::ReadS3M() Function S3M File Handling Overflow

Added: 05/26/2011 CVE: CVE-2011-1574 OSVDB: 72143 Background VideoLAN VLC media player is a media player supporting various audio and video formats for multiple platforms. Problem VLC media player is vulnerable to a stack buffer overflow because the ReadS3M function in libmodplug fails to properl...

6.8CVSS7.2AI score0.42941EPSS
Exploits8
Saint
Saint
•added 2011/04/20 12:0 a.m.•48 views

DATAC RealWin SCADA Server TAG function stack overflow

Added: 04/20/2011 CVE: CVE-2011-1563 BID: 46937 Background RealWin is a Supervisory Control and Data Acquisition SCADA server which is distributed by DATAC. Problem A buffer overflow vulnerability in RealWin Server allows remote attackers to execute arbitrary commands by sending a long, specially...

10CVSS7.7AI score0.74638EPSS
Exploits15
Saint
Saint
•added 2011/04/17 12:0 a.m.•48 views

7-Technologies Interactive Graphical SCADA System Remote Code Execution

Added: 04/17/2011 CVE: CVE-2011-1567 BID: 46936 Background 7-Technologies Interactive Graphical SCADA System IGSS is a SCADA solution used mainly in Denmark and the US. Problem 7T IGSS server contains multiple stack overflows, a format string vulnerability, a remote command execution vulnerabilit...

10CVSS6.7AI score0.69618EPSS
Exploits10
Saint
Saint
•added 2011/03/21 12:0 a.m.•48 views

EnterpriseDB PostgreSQL Plus Advanced Server DBA Management Server Authentication Bypass

Added: 03/21/2011 BID: 46662 Background Postgres Plus Advanced Server is an enterprise database solution. It includes several productivity tools, such as Migration Studio, Postgres Studio, DBA Management Server, and DBA Monitoring Console. Problem An authentication bypass vulnerability exists in...

7.4AI score
Exploits0
Saint
Saint
•added 2010/10/22 12:0 a.m.•48 views

RealNetworks RealPlayer CDDA URI Uninitialized Pointer Code Execution

Added: 10/22/2010 CVE: CVE-2010-3747 BID: 44144 OSVDB: 68673 Background RealPlayer and RealOne Player include a number of ActiveX controls allowing functions to be called by scripts embedded in web pages. Problem CDDA cdda:// is a protocol used to locate media files on Compact Disc Digital Audio...

9.3CVSS7.1AI score0.35352EPSS
Exploits9
Saint
Saint
•added 2010/06/18 12:0 a.m.•48 views

HP Operations Manager hidden Tomcat account

Added: 06/18/2010 CVE: CVE-2009-3843 BID: 37086 OSVDB: 60317 Background HP Operations Manager is a consolidated event and performance management console that correlates infrastructure, network and end-user experience events across an IT infrastructure. Problem A hidden Apache Tomcat account allow...

10CVSS9.8AI score0.78968EPSS
Exploits12
Saint
Saint
•added 2010/06/17 12:0 a.m.•48 views

Adobe Reader authplay.dll newfunction Memory Corruption

Added: 06/17/2010 CVE: CVE-2010-1297 BID: 40586 OSVDB: 65141 Background Adobe Reader is free software for viewing PDF documents. Problem A memory corruption vulnerability in authplay.dll provided with Adobe Reader 9.3.2 and earlier 9.x versions allows command execution when a user opens a special...

9.3CVSS8.5AI score0.82365EPSS
Exploits22
Saint
Saint
•added 2010/05/25 12:0 a.m.•48 views

IBM Cognos Express Server Backdoor Account Remote Code Execution

Added: 05/25/2010 CVE: CVE-2010-0557 BID: 38084 OSVDB: 62118 Background IBM Cognos Express is an integrated business intelligence BI and planning solution which delivers the essential reporting, analysis, dashboard, scorecard, planning, budgeting and forecasting capabilities that midsize companie...

7.5CVSS6.5AI score0.51069EPSS
Exploits9
Saint
Saint
•added 2009/11/27 12:0 a.m.•48 views

Symantec AeXNSConsoleUtilities RunCmd buffer overflow

Added: 11/27/2009 CVE: CVE-2009-3033 BID: 37092 OSVDB: 60496 Background Symantec Altiris Deployment Solution provides tools to deploy software on desktops and servers. Problem A buffer overflow vulnerability in the AeXNSConsoleUtilities ActiveX control allows command execution when a user loads a...

9.3CVSS6.8AI score0.39967EPSS
Exploits10
Saint
Saint
•added 2009/11/16 12:0 a.m.•48 views

EasyMail IMAP4 ActiveX Control LicenseKey buffer overflow

Added: 11/16/2009 OSVDB: 59938 Background QuikSoft EasyMail Objects is a set of ActiveX controls which provide e-mail functionality. QuikSoft EasyMail Objects is included with Oracle Document Capture among other products. Problem A buffer overflow vulnerability in the EasyMail IMAP4 ActiveX...

7.7AI score
Exploits0
Saint
Saint
•added 2009/09/24 12:0 a.m.•48 views

Mozilla Firefox PKCS11 Module Installation Code Execution

Added: 09/24/2009 CVE: CVE-2009-3076 BID: 36343 OSVDB: 57977 Background Mozilla is a suite of Internet client products available for multiple platforms. Problem The warning dialog displayed when adding or removing security modules via pkcs11.addmodule or pkcs11.deletemodule can be customized by a...

9.3CVSS6.4AI score0.06724EPSS
Exploits4
Saint
Saint
•added 2009/06/16 12:0 a.m.•48 views

Windows Print Spooler EnumeratePrintShares buffer overflow

Added: 06/16/2009 CVE: CVE-2009-0228 BID: 35206 Background The Windows Print Spooler manages the printing process on Windows operating systems. Problem A buffer overflow vulnerability in the EnumeratePrintShares function in the Windows Print Spooler service allows arbitrary command execution when...

10CVSS6.9AI score0.20501EPSS
Exploits6
Saint
Saint
•added 2009/06/03 12:0 a.m.•48 views

Microsoft DirectX DirectShow QuickTime movie parsing vulnerability

Added: 06/03/2009 CVE: CVE-2009-1537 BID: 35139 OSVDB: 54797 Background DirectX is a feature of the Windows operating system used for streaming media. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation and rendering. Problem A command execution...

9.3CVSS6.3AI score0.51207EPSS
Exploits7
Saint
Saint
•added 2009/05/14 12:0 a.m.•48 views

Microsoft PowerPoint Legacy File Format Printer driver buffer overflow

Added: 05/14/2009 CVE: CVE-2009-0227 BID: 34882 OSVDB: 54384 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem A buffer overflow vulnerability in the Legacy File Format conversion filter PP4X322.dll allows command execution when a use...

9.3CVSS6.6AI score0.35721EPSS
Exploits5
Saint
Saint
•added 2009/05/06 12:0 a.m.•48 views

Symantec Alert Management System Intel File Transfer service command execution

Added: 05/06/2009 CVE: CVE-2009-1431 BID: 34675 OSVDB: 54160 Background The Symantec Alert Management System 2 AMS2 is used by multiple Symantec products. The Intel File Transfer service is a component of AMS2 which is used to aid communication between the core server and managed clients. It...

9.3CVSS7.2AI score0.08036EPSS
Exploits5
Saint
Saint
•added 2009/02/06 12:0 a.m.•48 views

Oracle Database OLAP component ODCITABLESTART buffer overflow

Added: 02/06/2009 CVE: CVE-2008-3974 BID: 33177 OSVDB: 51347 Background The Online Analytical Processing OLAP component of Oracle Database is a set of stored procedures used for multi-dimensional analytical queries. Problem A buffer overflow vulnerability in the ODCITABLESTART function allows...

4CVSS7.3AI score0.0135EPSS
Exploits4
Saint
Saint
•added 2008/12/12 12:0 a.m.•48 views

Internet Explorer XML data binding memory corruption

Added: 12/12/2008 CVE: CVE-2008-4844 BID: 32721 OSVDB: 50622 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem A data binding error allows command execution when a user loads specially crafted XML code containing nested SPAN tags,...

9.3CVSS7.5AI score0.66513EPSS
Exploits10
Saint
Saint
•added 2008/08/11 12:0 a.m.•48 views

CA ARCserve Backup LGServer handshake buffer overflow

Added: 08/11/2008 CVE: CVE-2008-3175 BID: 30472 OSVDB: 47545 Background BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections. Problem A buffer overflow vulnerability in the LGServer.exe server process...

10CVSS7.8AI score0.144EPSS
Exploits5
Saint
Saint
•added 2008/05/22 12:0 a.m.•48 views

HP Software Update HPeDiag ActiveX Control GetXmlFromIni buffer overflow

Added: 05/22/2008 CVE: CVE-2008-0712 BID: 28929 OSVDB: 44662 Background HP Software Update is shipped with various kinds of HP computers to keep HP software up to date. Problem A buffer overflow in the GetXmlFromIni method of the HPeDiag ActiveX control allows command execution when a user loads ...

6.8CVSS6.9AI score0.04697EPSS
Exploits4
Saint
Saint
•added 2008/01/30 12:0 a.m.•48 views

Lotus Notes MIF attachment viewer buffer overflow

Added: 01/30/2008 CVE: CVE-2007-5909 BID: 26175 OSVDB: 40791 Background Lotus Notes is the client for Lotus Domino servers. Problem A buffer overflow in the KeyView Viewer included in Lotus Notes allows command execution when a user views a specially crafted Frame Maker Interchange File MIF...

9.3CVSS7AI score0.20906EPSS
Exploits5
Saint
Saint
•added 2007/12/14 12:0 a.m.•48 views

ACDSee XPM file section string buffer overflow

Added: 12/14/2007 CVE: CVE-2007-6009 BID: 26554 OSVDB: 45278 Background ACDSee is a suite of products for viewing and organizing photos. Problem A buffer overflow vulnerability in the IDX.apl , IDEACDStd.apl , IDPSP.apl , and AMLHA.apl plug-ins could allow command execution when a user opens an X...

9.3CVSS6.9AI score0.03927EPSS
Exploits5
Saint
Saint
•added 2007/11/23 12:0 a.m.•48 views

Oracle XDB component PITRIG_DROPMETADATA buffer overflow

Added: 11/23/2007 CVE: CVE-2007-4517 BID: 26374 OSVDB: 39918 Background The PITRIGDROPMETADATA function is included in the XDB.XDBPITRIGPKG package which is included with Oracle Database. Problem A buffer overflow vulnerability in the PITRIGDROPMETADATA function allows remote, authenticated...

6CVSS7.4AI score0.05385EPSS
Exploits8
Saint
Saint
•added 2007/11/19 12:0 a.m.•48 views

QuickTime PICT image UncompressedQuickTimeData buffer overflow

Added: 11/19/2007 CVE: CVE-2007-4672 BID: 26344 OSVDB: 38547 Background QuickTime is a media player for Windows and Mac OS platforms. Problem A buffer overflow vulnerability in QuickTime allows command execution when a user opens a specially crafted PICT image containing an invalid...

7.6CVSS6.8AI score0.08053EPSS
Exploits4
Saint
Saint
•added 2007/06/27 12:0 a.m.•48 views

Linux kernel ptrace privilege elevation vulnerability

Added: 06/27/2007 CVE: CVE-2003-0127 BID: 7112 OSVDB: 4565 Background ptrace is a Linux system call which enables a parent process to observe and control another process. Problem Due to a failure by the kernel to restrict trace permissions, a local attacker could gain root privileges by attaching...

7.2CVSS6AI score0.01584EPSS
Exploits5
Saint
Saint
•added 2007/01/15 12:0 a.m.•48 views

Microsoft Visual Studio 2005 WMI Object Broker vulnerability

Added: 01/15/2007 CVE: CVE-2006-4704 BID: 20843 OSVDB: 30155 Background Microsoft Visual Studio is a product to assist with software development in the Windows operating system. Problem A flaw in the WMI Object Broker ActiveX control allows attackers to bypass security zone restrictions, leading ...

6.8CVSS6.4AI score0.42846EPSS
Exploits6
Saint
Saint
•added 2006/12/01 12:0 a.m.•48 views

Novell Client nwspool.dll buffer overflow

Added: 12/01/2006 CVE: CVE-2006-5854 BID: 21220 OSVDB: 30547 Background Novell Client software provides NetWare connectivity to Windows platforms. Problem The nwspool.dll library in Novell Client is affected by buffer overflows in the EnumPrinters and OpenPrinter functions, allowing remote...

7.5CVSS7.4AI score0.57287EPSS
Exploits15
Saint
Saint
•added 2006/06/09 12:0 a.m.•48 views

SpamAssassin spamd vpopmail user vulnerability

Added: 06/09/2006 CVE: CVE-2006-2447 BID: 18290 OSVDB: 26177 Background SpamAssassin identifies spam e-mail using a variety of local and network based tests. spamd is a component of SpamAssassin which allows it to run as a network daemon. Problem When the vpopmail -v and paranoid -P options are...

5.1CVSS6.5AI score0.74703EPSS
Exploits12
Saint
Saint
•added 2006/05/24 12:0 a.m.•48 views

QuickTime MOV file udta Atom buffer overflow

Added: 05/24/2006 CVE: CVE-2006-1460 BID: 17953 OSVDB: 25509 Background QuickTime is a media player for Windows and Mac OS platforms. Problem A buffer overflow in QuickTime allows command execution by a specially crafted Movie MOV file containing a long udta Atom. Resolution Upgrade to QuickTime...

5.1CVSS6.9AI score0.05586EPSS
Exploits4
Saint
Saint
•added 2006/05/17 12:0 a.m.•48 views

FreeSSHd key exchange buffer overflow

Added: 05/17/2006 CVE: CVE-2006-2407 BID: 17958 OSVDB: 25463 Background freeSSHd is a free SSH server based on WeOnlyDo wodSSHServer. Problem wodSSHServer and its derivatives, including freeSSHd, are affected by a buffer overflow vulnerability in the key exchange algorithm. A remote attacker can...

7.5CVSS7.5AI score0.71375EPSS
Exploits11
Saint
Saint
•added 2006/03/24 12:0 a.m.•48 views

Microsoft Jet Database Engine buffer overflow

Added: 03/24/2006 CVE: CVE-2005-0944 BID: 12960 OSVDB: 15187 Background The Microsoft Jet Database Engine provides data access functionality for a number of applications. Problem An input validation vulnerability in the Microsoft Jet Database Engine could lead to command execution when a user ope...

7.5CVSS6.3AI score0.34021EPSS
Exploits4
Saint
Saint
•added 2005/12/28 12:0 a.m.•48 views

phpBB viewtopic.php highlight parameter vulnerability

Added: 12/28/2005 CVE: CVE-2005-2086 BID: 14086 OSVDB: 17613 Background phpBB is an open-source bulletin board package written in PHP. Problem This is a variant of an older vulnerability which allows remote command execution by requesting viewtopic.php with a specially crafted highlight parameter...

7.5CVSS6.5AI score0.85366EPSS
Exploits9
Total number of security vulnerabilities4305