4305 matches found
HP Data Protector Windows Unauthenticated Remote Code Execution
Added: 02/18/2015 CVE: CVE-2014-2623 BID: 68672 OSVDB: 109069 Background HP Data Protector is a backup solution for enterprise and distributed environments. Data Protector Manager listens on port 5555/TCP. Problem HP Data Protector is vulnerable to remote unauthenticated arbitrary command executi...
HP Data Protector Unauthenticated Remote Code Execution
Added: 02/10/2015 CVE: CVE-2014-2623 BID: 68672 OSVDB: 109069 Background HP Data Protector is a backup solution for enterprise and distributed environments. Data Protector Manager listens on port 5555/TCP. Problem HP Data Protector is vulnerable to remote unauthenticated arbitrary command executi...
Kolibri WebServer HTTP POST Request Handling Remote Stack Buffer Overflow
Added: 10/10/2014 CVE: CVE-2014-5289 BID: 69263 OSVDB: 110142 Background SENKAS Kolibri Webserver is a free very simple web server for Microsoft Windows that supports serving static web content. Problem Kolibri Webserver is vulnerable to a stack buffer overflow as a result of failure to properly...
WinRAR ZIP File Handling Filename Spoofing Vulnerability
Added: 04/28/2014 BID: 66383 OSVDB: 62610 Background WinRAR is a shareware file archiver and data compression utility which runs on Microsoft Windows. It can create archives in ZIP format, as well as its own proprietary RAR format, and unpack a variety of other archive types. Problem WinRAR 4.x i...
FreePBX Framework Module view.functions.php Remote Code Execution
Added: 04/03/2014 CVE: CVE-2014-1903 BID: 65509 OSVDB: 103240 Background FreePBX is an open source telephony front-end, which has an easy to use graphical user interface that controls and manages Asterisk. Problem The Framework module of FreePBX is vulnerable to remote code execution as a result ...
Internet Explorer Use-After-Free Memory Corruption (MS13-055)
Added: 10/09/2013 CVE: CVE-2013-3163 BID: 60975 OSVDB: 94981 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Microsoft Internet Explorer contains a use-after-free error which can lead to memory corruption in such a way as to allow...
HP LoadRunner micWebAjax.dll ActiveX NotifyEvent Method Vulnerability
Added: 09/30/2013 CVE: CVE-2013-2368 BID: 61436 OSVDB: 95639 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the micWebAjax ActiveX control. Problem HP LoadRunner before 11.52 is vulnerable to remote code execution due to failure to sanitize user-suppli...
Internet Explorer HTML Rendering Engine onLoseCapture Use-After-Free Vulnerability
Added: 09/25/2013 CVE: CVE-2013-3893 BID: 62453 OSVDB: 97380 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Microsoft Internet Explorer 6 through 11 contain a use-after-free vulnerability in the SetMouseCapture implementation in...
Windows Crafted Theme File Handling Vulnerability
Added: 09/12/2013 CVE: CVE-2013-0810 BID: 62176 OSVDB: 97136 Background Microsoft Windows themes are a combination of personalization settings that change how the user's desktop looks and sounds. A theme could specify user settings such as the desktop background, window border color, sounds, and...
Mozilla Firefox onreadystatechange Event Use After Free
Added: 08/22/2013 CVE: CVE-2013-1690 BID: 60778 OSVDB: 94584 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem A use-after-free vulnerability is triggered when handling onreadystatechange events and Event or Page reloads at t...
Apache Struts DefaultActionMapper redirect Prefix Vulnerability
Added: 08/01/2013 CVE: CVE-2013-2251 BID: 61189 OSVDB: 95405 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts use...
Novell ZENworks Mobile Management MDM.php Language Parameter Vulnerability
Added: 06/15/2013 CVE: CVE-2013-1081 BID: 58402 OSVDB: 91119 Background ZENworks Mobile Management ZMM offers centralized management tools that are useful for deploying new mobile devices in the workforce, whether those devices are company-issued or privately owned. ZMM ensures that users have th...
IBM SPSS SamplePower c1sizer ActiveX Control Vulnerability
Added: 06/09/2013 CVE: CVE-2012-5946 BID: 59559 OSVDB: 92845 Background SPSS Statistical Package for the Social Sciences is a computer application that provides statistical analysis of data. It allows for in-depth data access and preparation, analytical reporting, graphics and modelling...
Novell ZENworks Control Center file upload vulnerability
Added: 05/03/2013 CVE: CVE-2013-1080 BID: 58668 OSVDB: 91627 Background Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a...
Internet Explorer CButton Use After Free Vulnerability
Added: 01/04/2013 CVE: CVE-2012-4792 BID: 57070 OSVDB: 88774 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem All references to DOM button objects are not properly removed when a DOM buttom object is deleted. If the stale reference...
Internet Explorer COL SPAN Heap Overflow
Added: 08/06/2012 CVE: CVE-2012-1876 BID: 53848 OSVDB: 82866 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Internet Explorer allows websites to utilize Javascript to create dynamic web content. As such, websites can include...
Apple QuickTime TeXML Style Element Parsing Buffer Overflow
Added: 07/09/2012 CVE: CVE-2012-0663 BID: 53571 OSVDB: 81934 Background QuickTime is a media player for Windows and Mac OS platforms. Problem Apple QuickTime 7.7.1 and earlier versions are vulnerable to buffer overflow when parsing XML elements within a TeXML file. The QuickTime3GPP.qtx QuickTime...
iTunes m3u Playlist Overflow
Added: 07/03/2012 CVE: CVE-2012-0677 BID: 53933 OSVDB: 82897 Background iTunes is a free media player for multiple platforms. Problem iTunes does not properly validate parameters for EXTINF: directives in m3u files. This results in an exploitable stack overflow. Resolution Upgrade to iTunes 10.6....
Internet Explorer Same ID Property vulnerability
Added: 06/22/2012 CVE: CVE-2012-1875 BID: 53847 OSVDB: 82865 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem A vulnerability in Internet Explorer allows command execution when a user opens a specially crafted web page which causes...
WebCalendar Pre-Auth PHP Code Execution
Added: 05/18/2012 CVE: CVE-2012-1495 BID: 53207 OSVDB: 80097 Background WebCalendar is a PHP-based calendar application that can be configured as a single-user calendar, a multi-user calendar for groups of users, or as an event calendar viewable by visitors. Problem WebCalendar fails to properly...
Adobe Flash Player MP4 Copyright Statement Overflow
Added: 03/08/2012 CVE: CVE-2012-0754 BID: 52034 OSVDB: 79300 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem Flash Player version prior to 11.1.102.62 do not properly validate the Copyright statement key CPRT in the tag...
HP OpenView Network Node Manager OVBuildPath Overflow
Added: 02/20/2012 CVE: CVE-2011-3167 BID: 50471 OSVDB: 76775 Background HP OpenView Network Node Manager NNM is a network monitoring solution based on SNMP. Problem User supplied data from the NNM web interface is passed to the OVBuildPath function in ov.dll. This function contains a stack overfl...
Novell iPrint Client ActiveX Control GetDriverSettings Stack Overflow
Added: 12/23/2011 CVE: CVE-2011-3173 BID: 50367 OSVDB: 76631 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Client ActiveX control named ienipp.ocx. Problem A buffer overflow vulnerability in the ActiveX contr...
Microsoft Internet Explorer layout-grid-char Style Property Use-After-Free Memory Corruption
Added: 09/19/2011 CVE: CVE-2011-1260 BID: 48208 OSVDB: 72950 Background Cascading Style Sheets CSS is a simple mechanism for adding style to web documents. Problem A use-after-free vulnerability exists in Microsoft's Internet Explorer layout engine in mshtml.dll when handling extra-large values f...
Internet Explorer DOM modification memory corruption
Added: 06/28/2011 CVE: CVE-2011-1256 BID: 48207 OSVDB: 72948 Background The Document Object Model DOM is a convention for interacting with objects in HTML pages. Problem A memory corruption vulnerability in Internet Explorer allows command execution when a user loads a specially crafted web page...
Adobe Shockwave Player Lnam Chunk Processing Buffer Overflow
Added: 11/08/2010 CVE: CVE-2010-3655 BID: 44516 Background Adobe Shockwave is a multimedia player used to add animation and interactivity to web pages. It allows Adobe Director applications to be published on the Internet and viewed in a web browser on any computer which has the Shockwave plug-in...
Adobe Shockwave Director rcsL Chunk Remote Code Execution
Added: 11/04/2010 CVE: CVE-2010-3653 BID: 44291 OSVDB: 68803 Background Adobe Shockwave is a multimedia player used to add animation and interactivity to web pages. It allows Adobe Director applications to be published on the Internet and viewed in a web browser on any computer which has the...
Mozilla Firefox document.write and DOM insertion memory corruption
Added: 11/04/2010 CVE: CVE-2010-3765 BID: 44425 OSVDB: 68905 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem A memory corruption vulnerability allows command execution when a user loads a specially crafted web page containi...
Microsoft Office Excel RTD Topic String Buffer Overflow
Added: 10/20/2010 CVE: CVE-2010-1246 BID: 40524 OSVDB: 65238 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms. Problem Microsoft Office Excel 2002 is vulnerable to a buffer overflow when parsing Real Time Data RTD Future...
Apple QuickTime QTPlugin.ocx _Marshaled_pUnk Code Execution
Added: 09/20/2010 CVE: CVE-2010-1818 BID: 42841 OSVDB: 67705 Background Apple QuickTime is a media player for Windows and Mac OS platforms. Problem An input validation error in Apple QuickTime 7.6.7 and earlier versions allows remote attackers to execute arbitrary code by enticing the user to ope...
Windows SMB2 buffer overflow
Added: 09/20/2010 CVE: CVE-2009-3103 BID: 36299 OSVDB: 57799 Background SMB2 is the replacement protocol for the SMB Windows filesharing protocol. Problem A buffer overflow vulnerability in the SMB2 Service allows remote attackers to execute arbitrary commands. Resolution Apply the patch referenc...
Microsoft Office Excel Malformed Obj Record Stack Buffer Overflow
Added: 07/22/2010 CVE: CVE-2010-0822 BID: 40520 OSVDB: 65236 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem Microsoft Excel is vulnerable to a buffer overflow when processing malformed OBJ recType...
EasyMail SMTP ActiveX Control AddAttachment buffer overflow
Added: 12/10/2009 BID: 36440 OSVDB: 59939 Background QuikSoft EasyMail Objects is a set of ActiveX controls which provide e-mail functionality. QuikSoft EasyMail Objects is included with Oracle Document Capture among other products. Problem A stack buffer overflow vulnerability in the...
Microsoft Office Web Components OWC.Spreadsheet Evaluate method vulnerability
Added: 07/14/2009 CVE: CVE-2009-1136 BID: 35642 OSVDB: 55806 Background Microsoft Office Web Components OWC are a group of OLE classes implemented as ActiveX controls. Problem A memory corruption vulnerability allows command execution when a web page passes a specially crafted parameter to the...
Microsoft PowerPoint Legacy Format Scheme record buffer overflow
Added: 06/26/2009 CVE: CVE-2009-0226 BID: 34881 OSVDB: 54385 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem A buffer overflow vulnerability in Microsoft PowerPoint allows command execution when a user opens a PowerPoint 4.0 stream...
Windows Print Spooler EnumeratePrintShares buffer overflow
Added: 06/16/2009 CVE: CVE-2009-0228 BID: 35206 Background The Windows Print Spooler manages the printing process on Windows operating systems. Problem A buffer overflow vulnerability in the EnumeratePrintShares function in the Windows Print Spooler service allows arbitrary command execution when...
Microsoft PowerPoint Legacy File Format Printer driver buffer overflow
Added: 05/14/2009 CVE: CVE-2009-0227 BID: 34882 OSVDB: 54384 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem A buffer overflow vulnerability in the Legacy File Format conversion filter PP4X322.dll allows command execution when a use...
Adobe Acrobat JavaScript getIcon method buffer overflow
Added: 03/27/2009 CVE: CVE-2009-0927 BID: 34169 Background Adobe Acrobat is software for creating PDF documents. Adobe Reader is free software for viewing PDF documents. Problem A buffer overflow vulnerability allows command execution when a user opens a PDF file which calls the JavaScript getIco...
Oracle Database OLAP component ODCITABLESTART buffer overflow
Added: 02/06/2009 CVE: CVE-2008-3974 BID: 33177 OSVDB: 51347 Background The Online Analytical Processing OLAP component of Oracle Database is a set of stored procedures used for multi-dimensional analytical queries. Problem A buffer overflow vulnerability in the ODCITABLESTART function allows...
GoodTech SSH Server SFTP buffer overflow
Added: 11/28/2008 CVE: CVE-2008-4726 BID: 31879 OSVDB: 49249 Background GoodTech SSH Server is an SSH Server providing secure remote console, secure file transfer, and secure port forwarding capabilities for Windows platforms. Problem Buffer overflow vulnerabilities in GoodTech SSH Server allow...
TFTP Server error packet buffer overflow
Added: 09/12/2008 CVE: CVE-2008-2161 BID: 29111 OSVDB: 44904 Background TFTP Server is an open source server implementation of the tftp protocol for multiple platforms. Problem A buffer overflow vulnerability in the handling of error packets allows remote attackers to execute arbitrary commands...
CA ARCserve Backup for Laptops and Desktops LGServer service code execution
Added: 05/07/2008 CVE: CVE-2008-1328 BID: 28616 OSVDB: 44320 Background BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections. Problem A buffer overflow vulnerability in BrightStor ARCserve Backup for...
HP Openview Network Node Manager ovwparser.dll buffer overflow
Added: 04/14/2008 CVE: CVE-2008-1697 BID: 28569 OSVDB: 43992 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A vulnerability in ovwparser.dll allows remote attackers to execute arbitrary commands by sending a request for a long,...
Microsoft Office Drawing Shapes memory corruption vulnerability
Added: 04/04/2008 CVE: CVE-2008-0118 BID: 28146 OSVDB: 42709 Background Microsoft Office is a package which provides word processing, spreadsheet, presentation, e-mail, and calendaring capabilities for Microsoft Windows workstations. Problem A memory corruption vulnerability allows command...
Lotus Domino IMAP mailbox name buffer overflow
Added: 11/02/2007 CVE: CVE-2007-3510 BID: 26176 OSVDB: 40953 Background IBM Lotus Domino is a messaging and collaboration solution for multiple platforms. Problem A buffer overflow vulnerability in Lotus Domino could allow a remote, authenticated attacker to execute arbitrary commands by sending ...
Trend Micro ServerProtect RPC NTF_SetPagerNotifyConfig buffer overflow
Added: 08/23/2007 CVE: CVE-2007-4218 BID: 25395 OSVDB: 39754 Background ServerProtect is a virus scanner for servers. Problem A buffer overflow in the NTFSetPagerNotifyConfig function within the Notification.dll library allows remote attackers to execute arbitrary commands by sending a specially...
Internet Explorer tblinf32.dll ActiveX IObjectsafety vulnerability
Added: 08/17/2007 CVE: CVE-2007-2216 BID: 25289 OSVDB: 36396 Background The IObjectsafety interface provides methods to get and set safety options for objects which support untrusted clients. Problem The tblinf32.dll ActiveX control implements IObjectsafety incorrectly, allowing execution of code...
Sun Java System Web Proxy sockd buffer overflow
Added: 05/30/2007 CVE: CVE-2007-2881 BID: 24165 OSVDB: 35841 Background The Sun Java System Web Proxy Server formerly Sun ONE Web Proxy Server provides content filtering and caching capabilities. It is a companion product to the Sun Java System Web Server. Problem A buffer overflow vulnerability ...
Trend Micro ServerProtect EarthAgent RPC buffer overflow
Added: 05/16/2007 CVE: CVE-2007-2508 BID: 23866 OSVDB: 35789 Background Trend Micro ServerProtect is a virus scanner for servers. It includes the EarthAgent daemon which listens for connections on port 3628/TCP. Problem A buffer overflow vulnerability in the EarthAgent daemon allows remote...
Microsoft Excel PALETTE record buffer overflow
Added: 01/11/2007 CVE: CVE-2007-0031 BID: 21922 OSVDB: 31258 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms. Problem A buffer overflow vulnerability in Microsoft Excel allows command execution when a user opens a speciall...