Lucene search
K
SaintMost viewed

4305 matches found

Saint
Saint
•added 2006/03/24 12:0 a.m.•48 views

Microsoft Jet Database Engine buffer overflow

Added: 03/24/2006 CVE: CVE-2005-0944 BID: 12960 OSVDB: 15187 Background The Microsoft Jet Database Engine provides data access functionality for a number of applications. Problem An input validation vulnerability in the Microsoft Jet Database Engine could lead to command execution when a user ope...

7.5CVSS6.3AI score0.34021EPSS
Exploits4
Saint
Saint
•added 2006/02/01 12:0 a.m.•48 views

Citrix Program Neighborhood name buffer overflow

Added: 02/01/2006 CVE: CVE-2005-3652 BID: 15907 OSVDB: 21816 Background Citrix Presentation Server, formerly Citrix MetaFrame, allows applications to be deployed across a network to various client platforms, including Windows, Unix, Macintosh, DOS, and OS/2. The Program Neighborhood Agent running...

7.5CVSS6.8AI score0.15967EPSS
Exploits4
Saint
Saint
•added 2005/12/28 12:0 a.m.•48 views

phpBB viewtopic.php highlight parameter vulnerability

Added: 12/28/2005 CVE: CVE-2005-2086 BID: 14086 OSVDB: 17613 Background phpBB is an open-source bulletin board package written in PHP. Problem This is a variant of an older vulnerability which allows remote command execution by requesting viewtopic.php with a specially crafted highlight parameter...

7.5CVSS6.5AI score0.85366EPSS
Exploits9
Saint
Saint
•added 2005/11/29 12:0 a.m.•48 views

IMail IMAP STATUS buffer overflow

Added: 11/29/2005 CVE: CVE-2005-1256 BID: 13727 OSVDB: 16806 Background IMail is a mail server for Windows platforms. It includes SMTP, POP, IMAP, and LDAP services, and a web interface and web calendaring service. Problem A buffer overflow when processing long mailbox names specified in the STAT...

10CVSS7.7AI score0.58898EPSS
Exploits4
Saint
Saint
•added 2021/07/28 12:0 a.m.•47 views

Aruba Instant command execution

Added: 07/28/2021 Background Aruba Instant is a controllerless wi-fi solution. Problem The combination of several different vulnerabilities in Aruba Instant could allow remote attackers to execute arbitrary commands by sending specially crafted web requests. Resolution Upgrade to Aruba Instant...

8.4AI score
Exploits0
Saint
Saint
•added 2020/12/22 12:0 a.m.•47 views

Atlassian Crowd pdkinstall arbitrary plugin installation

Added: 12/22/2020 Background Atlassian Crowd is a single sign-on solution for Atlassian products. Problem Atlassian Crowd and Crowd Data Center incorrectly enabled the pdkinstall development plugin, allowing attackers to install arbitrary plugins, leading to remote code execution. Resolution...

8.3AI score
Exploits0
Saint
Saint
•added 2020/08/13 12:0 a.m.•47 views

Aruba ClearPass Policy Manager tipsSimulationUpload command execution

Added: 08/13/2020 CVE: CVE-2020-7115 Background Aruba ClearPass is a network access control solution. Problem A vulnerability in the tipsSimulationUpload.action resource allows remote attackers to execute arbitrary commands by uploading a shared object library in the uploadClientCertFile paramete...

10CVSS9.9AI score0.64596EPSS
Exploits8
Saint
Saint
•added 2013/09/09 12:0 a.m.•47 views

HP System Management Homepage iprange Parameter Stack Buffer Overflow

Added: 09/09/2013 CVE: CVE-2013-2362 BID: 61337 OSVDB: 95489 Background HP System Management Homepage SMH is a web-based interface that consolidates the management of ProLiant and Integrity servers. Problem A stack buffer overflow vulnerability in HP SMH allows command execution when an attacker...

2.1CVSS9.8AI score0.00527EPSS
Exploits4
Saint
Saint
•added 2013/05/08 12:0 a.m.•47 views

Internet Explorer CGenericElement Object Use-after-free Vulnerability

Added: 05/08/2013 CVE: CVE-2013-1347 BID: 59641 OSVDB: 92993 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem When Internet Explorer attempts to access an object in memory that has been deleted, it may corrupt memory in such a way...

9.3CVSS8.7AI score0.77889EPSS
Exploits11
Saint
Saint
•added 2013/03/04 12:0 a.m.•47 views

Java MBeanInstantiator findClass and Introspector Sandbox Escape

Added: 03/04/2013 CVE: CVE-2013-0431 BID: 57726 OSVDB: 89613 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

5.3CVSS9.8AI score0.89987EPSS
Exploits8
Saint
Saint
•added 2013/02/21 12:0 a.m.•47 views

Adobe Flash Player SWF Content Regular Expression Heap Overflow

Added: 02/21/2013 CVE: CVE-2013-0634 BID: 57788 OSVDB: 89936 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem The ActiveX version of Adobe Flash Player on Windows is vulnerable to heap buffer overflow because it does not proper...

9.3CVSS9.1AI score0.77597EPSS
Exploits10
Saint
Saint
•added 2013/01/04 12:0 a.m.•47 views

Internet Explorer CButton Use After Free Vulnerability

Added: 01/04/2013 CVE: CVE-2012-4792 BID: 57070 OSVDB: 88774 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem All references to DOM button objects are not properly removed when a DOM buttom object is deleted. If the stale reference...

9.3CVSS7.1AI score0.78823EPSS
Exploits12
Saint
Saint
•added 2012/12/21 12:0 a.m.•47 views

MySQL FILE privilege elevation

Added: 12/21/2012 CVE: CVE-2012-5613 BID: 56771 OSVDB: 88118 Background MySQL is an open-source database software package available for multiple platforms. Problem A database user who has FILE permission can write arbitrary files to the file system, leading to privilege elevation. Resolution Revo...

6CVSS5.2AI score0.31664EPSS
Exploits15
Saint
Saint
•added 2012/12/17 12:0 a.m.•47 views

CYME ChartFX ActiveX ShowPropertiesDialog pageNumber indexing error

Added: 12/17/2012 BID: 55765 OSVDB: 85894 Background The CYME Power Engineering Software is a suite of applications for power engineers. It includes the ChartFX ActiveX control. Problem An indexing error in ChartFX.ClientServer.Core.dll of the ChartFX ActiveX Control allows command execution when...

0.4AI score
Exploits0
Saint
Saint
•added 2012/12/17 12:0 a.m.•47 views

Novell File Reporter FSFUI File Upload

Added: 12/17/2012 CVE: CVE-2012-4959 BID: 56579 OSVDB: 87573 Background Novell File Reporter is software that allows network administrators to identify files stored on the network and generates reports regarding the size of individual files, file type, when files were last accessed, and where...

10CVSS6.8AI score0.71194EPSS
Exploits21
Saint
Saint
•added 2012/09/26 12:0 a.m.•47 views

HP Intelligent Management Center uam.exe Stack Buffer Overflow

Added: 09/26/2012 BID: 55271 OSVDB: 85060 Background HP Intelligent Management Center, also known as HP iNode Management Center, is a comprehensive management platform for delivering integrated, modular network management capabilities. The User Access Manager UAM module uam.exe manages the...

0.4AI score
Exploits0
Saint
Saint
•added 2012/08/06 12:0 a.m.•47 views

Internet Explorer COL SPAN Heap Overflow

Added: 08/06/2012 CVE: CVE-2012-1876 BID: 53848 OSVDB: 82866 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Internet Explorer allows websites to utilize Javascript to create dynamic web content. As such, websites can include...

9.3CVSS8.1AI score0.64962EPSS
Exploits27
Saint
Saint
•added 2012/07/23 12:0 a.m.•47 views

HP Data Protector Express Opcode 0x320 Overflow

Added: 07/23/2012 CVE: CVE-2012-0121 BID: 52431 OSVDB: 80102 Background HP Data Protector Express is a backup and recovery solution for single machines and small networks. Problem A stack overflow vulnerability exists in dpwindtb.dll. Validation of parameters to Opcode 0x320 requests are not...

10CVSS7.1AI score0.10436EPSS
Exploits4
Saint
Saint
•added 2012/06/27 12:0 a.m.•47 views

Microsoft XML Core Services memory corruption

Added: 06/27/2012 CVE: CVE-2012-1889 BID: 53934 OSVDB: 82873 Background Microsoft XML Core Services allows developers to create XML-based applications. Problem A memory corruption vulnerability allows command execution when a user opens a specially crafted web page, which causes MSXML to access a...

9.3CVSS9AI score0.83638EPSS
Exploits12
Saint
Saint
•added 2012/06/11 12:0 a.m.•47 views

GIMP Script-Fu Server Buffer Overflow

Added: 06/11/2012 CVE: CVE-2012-2763 BID: 53741 OSVDB: 82429 Background The GNU Image Manipulation Program GIMP is free software for tasks such as photo retouching, image composition, and image authoring. Problem The vulnerability is due improper boundary checking within the Script-Fu server...

7.5CVSS8AI score0.81722EPSS
Exploits14
Saint
Saint
•added 2012/02/13 12:0 a.m.•47 views

Symantec pcAnywhere Host Services Login Overflow

Added: 02/13/2012 CVE: CVE-2011-3478 BID: 51592 OSVDB: 78532 Background Symantec pcAnywhere is a suite of remote connectivity applications that allow users of a system to access their system remotely. Problem A stack overflow exist in the pcAnywhere Host Service when parsing login names. An...

10CVSS7.4AI score0.39308EPSS
Exploits10
Saint
Saint
•added 2012/01/24 12:0 a.m.•47 views

Windows Object Packager Insecure Execution

Added: 01/24/2012 CVE: CVE-2012-0009 BID: 51297 OSVDB: 78212 Background Windows Object Packager is a tool that can be used to create a package that can be inserted into a file. Problem A vulnerability exists in the way the Windows Object Packager registers and implements packages stored on networ...

9.3CVSS5.9AI score0.20561EPSS
Exploits4
Saint
Saint
•added 2011/02/23 12:0 a.m.•47 views

Symantec Alert Management System Intel Alert Handler modem string buffer overflow

Added: 02/23/2011 CVE: CVE-2010-0110 BID: 45936 Background The Symantec Alert Management System 2 AMS2 is used by multiple Symantec products. It includes an Intel Alert Handler service hndlrsvc.exe. This service handles messages forwarded to it by the Alert Originator Manager, which listens on po...

7.9CVSS7.6AI score0.0513EPSS
Exploits12
Saint
Saint
•added 2010/11/26 12:0 a.m.•47 views

Oracle Virtual Server Agent Command Injection

Added: 11/26/2010 CVE: CVE-2010-3582 BID: 44031 Background Oracle VM software provides virtualization technology that allows running multiple instances of x86 virtual computers simultaneously within the host operating system. It supports many Oracle and non-Oracle based systems such as Windows,...

9CVSS7.2AI score0.02381EPSS
Exploits4
Saint
Saint
•added 2010/09/17 12:0 a.m.•47 views

Adobe Reader CoolType.dll buffer overflow

Added: 09/17/2010 CVE: CVE-2010-2883 BID: 43057 OSVDB: 67849 Background Adobe Reader is free software for viewing PDF documents. Problem A buffer overflow in the CoolType.dll module allows command execution when a user opens a PDF document containing a long, specially crafted field in a SING tabl...

9.3CVSS7.7AI score0.82485EPSS
Exploits13
Saint
Saint
•added 2010/01/09 12:0 a.m.•47 views

HP OpenView Network Node Manager nnmRptConfig.exe CGI Template Buffer Overflow

Added: 01/09/2010 CVE: CVE-2009-3848 BID: 37296 OSVDB: 60926 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A stack buffer overflow vulnerability allows remote attackers to execute arbitrary commands by requesting the...

10CVSS7.6AI score0.11794EPSS
Exploits5
Saint
Saint
•added 2009/11/27 12:0 a.m.•47 views

Symantec AeXNSConsoleUtilities RunCmd buffer overflow

Added: 11/27/2009 CVE: CVE-2009-3033 BID: 37092 OSVDB: 60496 Background Symantec Altiris Deployment Solution provides tools to deploy software on desktops and servers. Problem A buffer overflow vulnerability in the AeXNSConsoleUtilities ActiveX control allows command execution when a user loads a...

9.3CVSS6.8AI score0.39967EPSS
Exploits10
Saint
Saint
•added 2009/10/02 12:0 a.m.•47 views

EMC Captiva QuickScan Pro KeyHelp ActiveX Control JumpURL buffer overflow

Added: 10/02/2009 BID: 36546 OSVDB: 58423 Background EMC Captiva QuickScan Pro is a document capture solution. It includes KeyHelp, a free ActiveX control used for enhancing HTML help systems. Problem A buffer overflow vulnerability in the KeyHelp ActiveX Control allows command execution when a...

7.7AI score
Exploits0
Saint
Saint
•added 2009/09/11 12:0 a.m.•47 views

Microsoft Excel BIFF format Qsir record memory corruption

Added: 09/11/2009 CVE: CVE-2009-1134 BID: 35246 OSVDB: 54958 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem A memory corruption vulnerability allows command execution when a user closes a spreadshee...

9.3CVSS7.8AI score0.35698EPSS
Exploits5
Saint
Saint
•added 2009/09/01 12:0 a.m.•47 views

Oracle Secure Backup property_box.php type parameter command execution

Added: 09/01/2009 CVE: CVE-2009-1978 BID: 35678 OSVDB: 55904 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command execution vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary...

9CVSS7.2AI score0.64694EPSS
Exploits13
Saint
Saint
•added 2009/06/26 12:0 a.m.•47 views

Microsoft PowerPoint Legacy Format Scheme record buffer overflow

Added: 06/26/2009 CVE: CVE-2009-0226 BID: 34881 OSVDB: 54385 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem A buffer overflow vulnerability in Microsoft PowerPoint allows command execution when a user opens a PowerPoint 4.0 stream...

9.3CVSS6.6AI score0.34794EPSS
Exploits5
Saint
Saint
•added 2009/03/26 12:0 a.m.•47 views

HP OpenView Network Node Manager OvOSLocale cookie buffer overflow

Added: 03/26/2009 CVE: CVE-2009-0920 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted OvOSLocale cookie in an...

7.5CVSS7.7AI score0.7494EPSS
Exploits11
Saint
Saint
•added 2009/02/27 12:0 a.m.•47 views

Adobe Reader JBIG2 image stream buffer overflow

Added: 02/27/2009 CVE: CVE-2009-0658 BID: 33751 OSVDB: 52073 Background Adobe Acrobat is software for creating PDF documents. Adobe Reader is free software for viewing PDF documents. Problem A buffer overflow vulnerability allows command execution when a user opens a PDF file containing a special...

9.3CVSS8.6AI score0.87719EPSS
Exploits7
Saint
Saint
•added 2008/11/28 12:0 a.m.•47 views

CA ARCserve Backup for Laptops and Desktops LGServer password integer overflow

Added: 11/28/2008 CVE: CVE-2007-5004 BID: 24348 OSVDB: 41352 Background BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections. Problem An integer overflow vulnerability allows remote attackers to execute...

9.3CVSS7.9AI score0.08902EPSS
Exploits5
Saint
Saint
•added 2008/09/19 12:0 a.m.•47 views

Microsoft PowerPoint Viewer picture index CString object integer overflow

Added: 09/19/2008 CVE: CVE-2008-0120 BID: 30552 OSVDB: 47406 Background Microsoft PowerPoint Viewer 2003 is a free tool which allows viewing of Microsoft PowerPoint presentations without requiring Microsoft PowerPoint itself. Problem An integer overflow vulnerability in the handling of CString...

9.3CVSS6.6AI score0.31932EPSS
Exploits5
Saint
Saint
•added 2008/09/09 12:0 a.m.•47 views

Windows Media Encoder 9 wmex.dll ActiveX buffer overflow

Added: 09/09/2008 CVE: CVE-2008-3008 BID: 31065 OSVDB: 47962 Background Windows Media Encoder is a tool for content producers to capture and compress audio and video content. Windows Media Encoder 9 installs the wmex.dll ActiveX control. Problem A buffer overflow vulnerability in the wmex.dll...

9.3CVSS6.8AI score0.54553EPSS
Exploits9
Saint
Saint
•added 2008/08/27 12:0 a.m.•47 views

FlashGet FTP PWD buffer overflow

Added: 08/27/2008 CVE: CVE-2008-4321 BID: 30685 OSVDB: 47457 Background FlashGet is an FTP client formerly known as JetCar. Problem A buffer overflow in FlashGet allows command execution when a user connects to an FTP server which sends a specially crafted PWD response. Resolution Use a different...

9.3CVSS7AI score0.05737EPSS
Exploits5
Saint
Saint
•added 2008/03/14 12:0 a.m.•47 views

Microsoft Excel conditional formatting vulnerability

Added: 03/14/2008 CVE: CVE-2008-0117 BID: 28170 OSVDB: 42731 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem A vulnerability in Microsoft Excel allows command execution when a user opens a file...

9.3CVSS9.5AI score0.33362EPSS
Exploits5
Saint
Saint
•added 2007/09/11 12:0 a.m.•47 views

Microsoft Agent crafted URL vulnerability

Added: 09/11/2007 CVE: CVE-2007-3040 BID: 25566 OSVDB: 36934 Background Microsoft Agent is a component of the Windows operating system designed to make using a computer easier through enriched user interaction. Problem A vulnerability in Microsoft Agent allows command execution when a user loads ...

9.3CVSS6.4AI score0.57217EPSS
Exploits6
Saint
Saint
•added 2007/04/23 12:0 a.m.•47 views

LANDesk Management Suite Alert Service buffer overflow

Added: 04/23/2007 CVE: CVE-2007-1674 BID: 23483 OSVDB: 34964 Background LANDesk Management Suite automates systems and security management tasks across a network. It runs an Alert Service which listens for communication on port 65535/UDP. Problem A buffer overflow vulnerability in the Alert Servi...

10CVSS7.6AI score0.72864EPSS
Exploits10
Saint
Saint
•added 2006/07/17 12:0 a.m.•47 views

Serv-U FTP site chmod buffer overflow

Added: 07/17/2006 CVE: CVE-2004-2111 BID: 9675 OSVDB: 3713 Background Serv-U is an FTP server for Windows platforms. Problem An attacker who has logged on to the Serv-U FTP server and has a writable directory could execute arbitrary commands by sending a site chmod command with an overly long fil...

8.5CVSS7.5AI score0.86867EPSS
Exploits10
Saint
Saint
•added 2006/05/15 12:0 a.m.•47 views

Windows compressed folders buffer overflow

Added: 05/15/2006 CVE: CVE-2004-0575 BID: 11382 OSVDB: 10695 Background Microsoft Windows XP and Windows Server 2003 include the ability to natively handle ZIP files. Problem A buffer overflow when handling compressed folders allows command execution when a specially crafted ZIP file is opened by...

10CVSS6.8AI score0.603EPSS
Exploits4
Saint
Saint
•added 2006/04/27 12:0 a.m.•47 views

Windows Cursor and Icon handling vulnerability

Added: 04/27/2006 CVE: CVE-2004-1049 BID: 12233 OSVDB: 12842 Background The LoadImage API in Microsoft Windows provides functions for loading cursors, animated cursors, and icons. Problem An integer overflow in the LoadImage API allows command execution when a user opens a specially crafted curso...

5.1CVSS6.6AI score0.29743EPSS
Exploits13
Saint
Saint
•added 2006/03/13 12:0 a.m.•47 views

phpRPC decode function command execution

Added: 03/13/2006 CVE: CVE-2006-1032 BID: 16833 OSVDB: 23514 Background phpRPC is an xmlrpc library written in PHP supporting most databases. Problem A vulnerability in the decode function allows a remote attacker to execute arbitrary PHP commands placed inside a tag. Resolution phpRPC is no long...

7.5CVSS7.4AI score0.03484EPSS
Exploits6
Saint
Saint
•added 2006/01/04 12:0 a.m.•47 views

IMail IMAP LOGIN special character vulnerability

Added: 01/04/2006 CVE: CVE-2005-1255 BID: 13727 OSVDB: 16804 Background IMail is a mail server for Windows platforms. It includes SMTP, POP, IMAP, and LDAP services, a web interface, and web calendaring. Problem A remote attacker could execute arbitrary commands by sending a long specially crafte...

10CVSS7.5AI score0.42813EPSS
Exploits6
Saint
Saint
•added 2005/11/29 12:0 a.m.•47 views

Computer Associates Message Queuing

Added: 11/29/2005 CVE: CVE-2005-2668 BID: 14622 OSVDB: 18916 Background The Computer Associates Message Queuing service is used internally by multiple Computer Associates products. Problem The Computer Associates Message Queuing service is affected by multiple buffer overflows which could result ...

10CVSS6.8AI score0.75244EPSS
Exploits7
Saint
Saint
•added 2021/09/20 12:0 a.m.•46 views

Atlassian Confluence Server OGNL Remote Code Execution

Added: 09/20/2021 Background Atlassian Confluence is a collaboration and knowledge management application. Problem Atlassian Confluence has an OGNL injection vulnerability that would allow an unauthenticated user to execute arbitrary code on a Confluence Server. Resolution Upgrade to Confluence...

8.6AI score
Exploits0
Saint
Saint
•added 2020/03/24 12:0 a.m.•46 views

netkit telnetd nextitem vulnerability

Added: 03/24/2020 Background netkit telnetd is a server implementation of the Telnet protocol which comes with many Linux and Unix operating systems. Problem An unbounded read and write condition in the nextitem function allows remote attackers to execute arbitrary commands on the server...

8.3AI score
Exploits0
Saint
Saint
•added 2018/12/21 12:0 a.m.•46 views

MiniShare 1.4.1 HEAD method buffer overflow

Added: 12/21/2018 Background MiniShare is a Windows program that allows sharing of files without additional services or software. Problem MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD request. Resolution MiniShare is deprecated. References...

8.4AI score
Exploits0
Saint
Saint
•added 2018/07/05 12:0 a.m.•46 views

EMC RecoverPoint command injection in SSH username

Added: 07/05/2018 CVE: CVE-2018-1235 BID: 104246 Background Dell EMC RecoverPoint is an application recovery solution. Problem A command injection vulnerability allows a remote attacker to execute arbitrary commands embedded in the username of an SSH authentication request. Resolution Upgrade to...

10CVSS10AI score0.43287EPSS
Exploits12
Total number of security vulnerabilities4305