Lucene search
+L
SaintMost viewed

4305 matches found

Saint
Saint
•added 2012/09/19 12:0 a.m.•44 views

Internet Explorer CMshtmlEd execCommand Use After Free

Added: 09/19/2012 CVE: CVE-2012-4969 BID: 55562 OSVDB: 85532 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Internet Explorer does not properly clean up references to objects passed to the execCommand Javascript method. If...

9.3CVSS8.2AI score0.81716EPSS
Exploits8
Saint
Saint
•added 2012/06/27 12:0 a.m.•44 views

Microsoft XML Core Services memory corruption

Added: 06/27/2012 CVE: CVE-2012-1889 BID: 53934 OSVDB: 82873 Background Microsoft XML Core Services allows developers to create XML-based applications. Problem A memory corruption vulnerability allows command execution when a user opens a specially crafted web page, which causes MSXML to access a...

9.3CVSS9AI score0.83638EPSS
Exploits12
Saint
Saint
•added 2012/06/15 12:0 a.m.•44 views

Microsoft OLE Object File Handling vulnerability

Added: 06/15/2012 CVE: CVE-2011-3400 BID: 50977 OSVDB: 77663 Background Object Linking and Embedding OLE allows applications to create and edit compound documents. For example, a Microsoft Excel spreadsheet can be embedded within a Microsoft Word application. Problem A vulnerability when handling...

9.3CVSS6.3AI score0.71722EPSS
Exploits11
Saint
Saint
•added 2012/06/04 12:0 a.m.•44 views

SAP NetWeaver Dispatcher DiagTraceR3Info Packet Parsing Vulnerability

Added: 06/04/2012 CVE: CVE-2012-2611 OSVDB: 81759 Background SAP Netweaver is a technology platform for building and integrating SAP business applications. Problem SAP Netweaver is vulnerable to a stack buffer overflow when configured with the developer trace level set to 2 or higher. The...

9.3CVSS9.6AI score0.41919EPSS
Exploits13
Saint
Saint
•added 2012/05/02 12:0 a.m.•44 views

Oracle WebCenter Forms Recognition SSSplitter ActiveX Overwrite

Added: 05/02/2012 CVE: CVE-2012-1710 BID: 53062 OSVDB: 81366 Background Oracle WebCenter Imaging is a combined document management and business process management suite, marketed as a component of the Oracle Fusion Middleware portfolio of products. Oracle Forms Recognition OFR is an intelligent...

7.5CVSS9.3AI score0.11636EPSS
Exploits4
Saint
Saint
•added 2012/01/12 12:0 a.m.•44 views

Microsoft PowerPoint Floating Point Techno-color Time Bandit vulnerability

Added: 01/12/2012 CVE: CVE-2011-0655 BID: 47252 OSVDB: 71771 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem The vulnerability is caused when PowerPoint reads an invalid record in a specially crafted PowerPoint file. A remote attack...

9.3CVSS6.6AI score0.22593EPSS
Exploits5
Saint
Saint
•added 2011/12/12 12:0 a.m.•44 views

BroadWin WebAccess SCADA Client ActiveX Format String

Added: 12/12/2011 OSVDB: 74897 Background BroadWin WebAccess is a web-based SCADA reporting and control solution. Problem BroadWin WebAccess installs an ActiveX Control in the user's browser. The OcxSpool function of this control accepts a parameter that is evaluated using a format string. A form...

7.4AI score
Exploits0
Saint
Saint
•added 2011/11/25 12:0 a.m.•44 views

Wireshark Lua Untrusted Search Path vulnerability

Added: 11/25/2011 CVE: CVE-2011-3360 BID: 49528 OSVDB: 75347 Background Wireshark is a network packet analyzer. Problem A vulnerability in Wireshark allows execution of arbitrary Lua scripts placed in untrusted directories which are included in Wireshark's search path. Resolution Upgrade to...

9.3CVSS7.5AI score0.35528EPSS
Exploits9
Saint
Saint
•added 2011/10/24 12:0 a.m.•44 views

Apple Safari libxslt File Create

Added: 10/24/2011 CVE: CVE-2011-1774 BID: 48840 OSVDB: 74017 Background Safari is a web browser for Mac OS X and Windows. Problem Safari versions prior to 5.0.6 use unsafe security settings when implementing libxslt. An attacker may leverage this weakness by creating a web page that references a...

8.8CVSS6.8AI score0.43195EPSS
Exploits11
Saint
Saint
•added 2011/10/14 12:0 a.m.•44 views

HP Intelligent Management Center iNodeMngChecker.exe Buffer Overflow

Added: 10/14/2011 CVE: CVE-2011-1867 BID: 48527 OSVDB: 73597 Background HP Intelligent Management Center, also known as HP iNode Management Center, is a comprehensive management platform for delivering integrated, modular network management capabilities. The iNodeMngChecker.exe component listens,...

10CVSS7.5AI score0.25787EPSS
Exploits4
Saint
Saint
•added 2011/09/12 12:0 a.m.•44 views

RealNetworks RealPlayer QCP Parsing

Added: 09/12/2011 CVE: CVE-2011-2950 BID: 49172 OSVDB: 74549 Background RealPlayer is a media player application which can play back various multimedia file formats, including QCP audio files. The QCP file format is frequently used to provide ring tones and to record voice for cellular telephones...

9.3CVSS6.6AI score0.28612EPSS
Exploits8
Saint
Saint
•added 2011/08/05 12:0 a.m.•44 views

Oracle Outside In CDR File Parser Stack Buffer Overflow

Added: 08/05/2011 CVE: CVE-2011-2264 BID: 48766 OSVDB: 73912 Background Oracle Outside In is a suite of Software Development Kits SDKs and tools that provide functionality for reading and writing many different file formats. The Outside In SDK is embedded by multiple client and server products th...

4.4CVSS6.3AI score0.31114EPSS
Exploits4
Saint
Saint
•added 2011/07/18 12:0 a.m.•44 views

HP OpenView Storage Data Protector Opcode 27 Stack Buffer Overflow

Added: 07/18/2011 CVE: CVE-2011-1865 BID: 48486 OSVDB: 73571 Background HP Data Protector is a backup solution for enterprise and distributed environments. The Data Protector environment consists of a Cell Manager, backup agents, and backup device servers. The OmniInet process omniinet.exe is...

10CVSS7.7AI score0.88948EPSS
Exploits18
Saint
Saint
•added 2011/05/16 12:0 a.m.•44 views

Novell File Reporter Agent XML Parser Buffer Overflow

Added: 05/16/2011 CVE: CVE-2011-0994 BID: 47144 OSVDB: 71980 Background Novell File Reporter is software that allows network administrators to identify files stored on the network and generates reports regarding the size of individual files, file type, when files were last accessed, and where...

10CVSS7.3AI score0.17936EPSS
Exploits6
Saint
Saint
•added 2011/04/17 12:0 a.m.•44 views

7-Technologies Interactive Graphical SCADA System Remote Code Execution

Added: 04/17/2011 CVE: CVE-2011-1567 BID: 46936 Background 7-Technologies Interactive Graphical SCADA System IGSS is a SCADA solution used mainly in Denmark and the US. Problem 7T IGSS server contains multiple stack overflows, a format string vulnerability, a remote command execution vulnerabilit...

10CVSS6.6AI score0.69618EPSS
Exploits10
Saint
Saint
•added 2011/03/30 12:0 a.m.•44 views

Adobe Reader Flash AVM2 Memory Corruption

Added: 03/30/2011 CVE: CVE-2011-0609 BID: 46860 OSVDB: 71254 Background Adobe Reader is free software for viewing PDF documents. Problem Adobe Reader 9.x is vulnerable to a remote code execution vulnerability as a result of parsing flash content by the bundled Adobe Flash Player. Resolution Updat...

9.3CVSS8.3AI score0.66821EPSS
Exploits8
Saint
Saint
•added 2011/02/14 12:0 a.m.•44 views

Microsoft Windows Fax Cover Page Editor Double Free Memory Corruption Vulnerability

Added: 02/14/2011 CVE: CVE-2010-4701 BID: 45942 Background The Microsoft Windows Fax Service allows a Windows system to act as a fax server. One of the tools within the Windows Fax Service suite is the Fax Cover Page Editor fxscover.exe, which allows users to create their own customized cover...

7.6CVSS6.6AI score0.47832EPSS
Exploits5
Saint
Saint
•added 2011/02/10 12:0 a.m.•44 views

WebEx WRF Player buffer overflow

Added: 02/10/2011 CVE: CVE-2010-3269 BID: 46075 Background The WebEx Recording Format WRF is used to save recordings of WebEx meetings to a file. The WebEx WRF Player allows users to play a WRF file. Problem A buffer overflow vulnerability in the WebEx WRF Player allows command execution when a...

9.3CVSS6.8AI score0.11414EPSS
Exploits4
Saint
Saint
•added 2010/12/28 12:0 a.m.•44 views

HP Power Manager formLogin buffer overflow

Added: 12/28/2010 CVE: CVE-2010-4113 OSVDB: 69969 Background HP Power Manager is a web-based application that enables administrators to manage an HP UPS from a browser-based management console. Problem A buffer overflow vulnerability in the Administration interface allows remote attackers to...

9.3CVSS7.7AI score0.09722EPSS
Exploits4
Saint
Saint
•added 2010/12/16 12:0 a.m.•44 views

Internet Explorer HTML+TIME element OuterText memory corruption

Added: 12/16/2010 CVE: CVE-2010-3346 BID: 45261 OSVDB: 69829 Background The HTML+TIME component of Internet Explorer adds timing and media synchronization support to HTML pages. Problem A memory corruption vulnerability in the HTML+TIME component allows command execution when a user loads a...

9.3CVSS6.4AI score0.28886EPSS
Exploits4
Saint
Saint
•added 2010/11/16 12:0 a.m.•44 views

Adobe Flash Player Flash Content Parsing Code Execution

Added: 11/16/2010 CVE: CVE-2010-3654 BID: 44504 OSVDB: 68932 Background Adobe Reader is free software for viewing PDF documents. Problem Adobe Reader 9.x is vulnerable to a remote code execution vulnerability as a result of parsing flash content by the bundled Adobe Flash Player. Resolution Apply...

9.3CVSS8AI score0.69679EPSS
Exploits14
Saint
Saint
•added 2010/11/08 12:0 a.m.•44 views

Adobe Shockwave Player Lnam Chunk Processing Buffer Overflow

Added: 11/08/2010 CVE: CVE-2010-3655 BID: 44516 Background Adobe Shockwave is a multimedia player used to add animation and interactivity to web pages. It allows Adobe Director applications to be published on the Internet and viewed in a web browser on any computer which has the Shockwave plug-in...

9.3CVSS7.4AI score0.08871EPSS
Exploits4
Saint
Saint
•added 2010/09/24 12:0 a.m.•44 views

Lotus Domino nrouter.exe iCalendar MAILTO buffer overflow

Added: 09/24/2010 CVE: CVE-2010-3407 BID: 43219 OSVDB: 68040 Background IBM Lotus Domino is a messaging and collaboration solution for multiple platforms. Problem A buffer overflow in the nrouter.exe service allows remote attackers to execute arbitrary commands by sending an iCalendar message...

9.3CVSS7.9AI score0.41475EPSS
Exploits9
Saint
Saint
•added 2010/09/02 12:0 a.m.•44 views

Trend Micro Internet Security Pro ActiveX Control extSetOwner code execution

Added: 09/02/2010 CVE: CVE-2010-3189 BID: 42717 OSVDB: 67561 Background Trend Micro Internet Security Pro is a virus protection and Internet security product for home users. Problem A vulnerability in the UfPBCtrl.dll ActiveX control allows command execution when a user loads a web page which cal...

9.3CVSS6.5AI score0.39216EPSS
Exploits14
Saint
Saint
•added 2010/08/12 12:0 a.m.•44 views

Microsoft Office Word RTF Parsing Engine Memory Corruption

Added: 08/12/2010 CVE: CVE-2010-1901 BID: 42132 OSVDB: 66995 Background Microsoft Office Word is Microsoft's word processing software, released as a component of Microsoft Office suite. Problem Microsoft Office Word does not perform sufficient data validation when handling rich text data. When Wo...

9.3CVSS6.8AI score0.19399EPSS
Exploits5
Saint
Saint
•added 2010/07/12 12:0 a.m.•44 views

Novell iManager EnteredClassName buffer overflow

Added: 07/12/2010 CVE: CVE-2010-1929 BID: 40480 OSVDB: 65737 Background Novell iManager is a web-based management interface for other Novell products. Problem A buffer overflow vulnerability in jclient.dll allows remote attackers to execute arbitrary commands by sending a specially crafted...

9CVSS7.8AI score0.16097EPSS
Exploits10
Saint
Saint
•added 2010/05/07 12:0 a.m.•44 views

Microsoft Visio DXF file insertion buffer overflow

Added: 05/07/2010 CVE: CVE-2010-1681 BID: 39836 Background Microsoft Visio is a component of the Microsoft Office suite which provides the capability to produce diagrams. Problem A buffer overflow vulnerability allows command execution when a user inserts a specially crafted DXF file into a Visio...

7.6CVSS6.7AI score0.67309EPSS
Exploits11
Saint
Saint
•added 2010/03/11 12:0 a.m.•44 views

Microsoft Excel DbOrParamQry memory corruption

Added: 03/11/2010 CVE: CVE-2010-0264 BID: 38555 OSVDB: 62823 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem A memory corruption vulnerability in Microsoft Excel allows command execution when a user...

9.3CVSS7.8AI score0.21221EPSS
Exploits5
Saint
Saint
•added 2009/06/22 12:0 a.m.•44 views

Oracle Secure Backup login.php ora_osb_lcookie command execution

Added: 06/22/2009 CVE: CVE-2008-4006 BID: 33177 OSVDB: 51343 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command execution vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary...

10CVSS7.2AI score0.03433EPSS
Exploits4
Saint
Saint
•added 2009/04/29 12:0 a.m.•44 views

Microsoft SQL Server spreplwritetovarbin Buffer Overflow

Added: 04/29/2009 CVE: CVE-2008-5416 BID: 32710 OSVDB: 50917 Background Microsoft SQL Server is a database server package for Windows platforms. Problem A buffer overflow vulnerability in the spreplwritetovarbin stored procedure allows remote, authenticated attackers to execute arbitrary commands...

9CVSS10AI score0.87036EPSS
Exploits12
Saint
Saint
•added 2009/01/09 12:0 a.m.•44 views

HP OpenView Network Node Manager Toolbar.exe CGI buffer overflow

Added: 01/09/2009 CVE: CVE-2008-0067 BID: 33147 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by requesting the Toolbar.exe CGI program with a...

10CVSS7.8AI score0.63419EPSS
Exploits19
Saint
Saint
•added 2008/12/19 12:0 a.m.•44 views

Visual FoxPro vfp6r.dll ActiveX Control DoCmd command execution

Added: 12/19/2008 CVE: CVE-2008-0236 BID: 27205 OSVDB: 40380 Background Visual FoxPro is a tool for developing database applications. Problem The vfp6r.dll ActiveX control allows command execution when a user opens a web page which uses the DoCmd method. Resolution Set the kill bit for class ID...

5.8CVSS6.6AI score0.17384EPSS
Exploits5
Saint
Saint
•added 2008/11/10 12:0 a.m.•44 views

Adobe Acrobat util.printf JavaScript function buffer overflow

Added: 11/10/2008 CVE: CVE-2008-2992 BID: 30035 OSVDB: 49520 Background Adobe Acrobat is software for creating PDF documents. Problem A buffer overflow vulnerability allows command execution when a user opens a PDF file which calls the util.printf JavaScript function with a specially crafted form...

9.3CVSS8.2AI score0.98482EPSS
Exploits19
Saint
Saint
•added 2008/10/24 12:0 a.m.•44 views

Microsoft Excel formula parsing integer overflow

Added: 10/24/2008 CVE: CVE-2008-4019 BID: 31706 OSVDB: 49078 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem An integer overflow in the REPT function allows command execution when a user loads an Exc...

9.3CVSS6.6AI score0.34415EPSS
Exploits5
Saint
Saint
•added 2008/10/06 12:0 a.m.•44 views

Autodesk LiveUpdate ActiveX control ApplyPatch method vulnerability

Added: 10/06/2008 CVE: CVE-2008-4472 BID: 31490 OSVDB: 49047 Background Autodesk is a suite of architectural design software products. Problem The ApplyPatch method in the LiveUpdate ActiveX control allows a web page to execute arbitrary files on the system. Remote command execution is possible b...

9.3CVSS7.3AI score0.07836EPSS
Exploits4
Saint
Saint
•added 2008/09/24 12:0 a.m.•44 views

DNS zone transfer

Added: 09/24/2008 CVE: CVE-1999-0532 OSVDB: 492 Background A DNS zone transfer is the process by which a secondary name server copies all DNS records for a domain from a primary name server. Problem If DNS zone transfers are not restricted, they can allow attackers to enumerate hosts in a domain...

6.2AI score0.68535EPSS
Exploits7
Saint
Saint
•added 2008/07/25 12:0 a.m.•44 views

Oracle WebLogic Server Apache Connector POST buffer overflow

Added: 07/25/2008 CVE: CVE-2008-3257 BID: 30273 OSVDB: 47096 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A buffer overflow in the Apache Connector for WebLogic Server allows remote attackers to execute arbitrary commands by sending a...

10CVSS7.8AI score0.83589EPSS
Exploits9
Saint
Saint
•added 2008/07/18 12:0 a.m.•44 views

Alt-N SecurityGateway username buffer overflow

Added: 07/18/2008 CVE: CVE-2008-4193 BID: 29457 OSVDB: 45854 Background Alt-N SecurityGateway is an e-mail spam firewall for Exchange and SMTP servers. Problem A buffer overflow vulnerability in the web administration interface allows remote attackers to execute arbitrary commands by sending an...

10CVSS7.9AI score0.74612EPSS
Exploits8
Saint
Saint
•added 2008/06/20 12:0 a.m.•44 views

Lotus Expeditor cai URI handler command injection

Added: 06/20/2008 CVE: CVE-2008-1965 BID: 28926 OSVDB: 44868 Background Lotus Expeditor is a desktop integration framework used by Lotus products including Lotus Symphony. Problem Lotus Expeditor registers a handler for cai: URIs which passes arbitrary arguments to rcplauncher.exe. This allows...

9.3CVSS6.7AI score0.10675EPSS
Exploits5
Saint
Saint
•added 2007/12/03 12:0 a.m.•44 views

MIT Kerberos 5 RPC library RPCSEC_GSS buffer overflow

Added: 12/03/2007 CVE: CVE-2007-3999 BID: 25534 OSVDB: 37324 Background Kerberos is a network authentication protocol which provides strong authentication for client/server applications. MIT Kerberos 5 is a free implementation of this protocol. Problem A buffer overflow in the svcauthgssvalidate...

10CVSS9.5AI score0.10997EPSS
Exploits4
Saint
Saint
•added 2007/09/21 12:0 a.m.•44 views

Trend Micro ServerProtect SpntSvc RPC buffer overflow

Added: 09/21/2007 CVE: CVE-2007-4218 BID: 25395 OSVDB: 39753 Background ServerProtect is a virus scanner for servers. The Trend Micro ServerProtect service SpntSvc.exe handles RPC requests on port 5168/TCP. Problem Buffer overflow vulnerabilities in the Trend Micro ServerProtect service allow...

10CVSS7.7AI score0.13021EPSS
Exploits12
Saint
Saint
•added 2007/04/25 12:0 a.m.•44 views

Novell GroupWise WebAccess base64_decode buffer overflow

Added: 04/25/2007 CVE: CVE-2007-2171 BID: 23556 OSVDB: 35018 Background Novell GroupWise includes a WebAccess service which allows users to access their e-mail using a web browser. Problem A buffer overflow in the base64decode function allows remote attackers to execute arbitrary commands by...

10CVSS7.9AI score0.24332EPSS
Exploits5
Saint
Saint
•added 2007/03/12 12:0 a.m.•44 views

snmpXdmid buffer overflow

Added: 03/12/2007 CVE: CVE-2001-0236 BID: 2417 OSVDB: 546 Background The SNMP to DMI mapper daemon snmpXdmid translates Simple Network Management Protocol SNMP events to Desktop Management Interface DMI indications and vice-versa. Problem snmpXdmid is affected by a buffer overflow vulnerability...

10CVSS7.4AI score0.72036EPSS
Exploits6
Saint
Saint
•added 2007/02/21 12:0 a.m.•44 views

Trend Micro OfficeScan client ActiveX control buffer overflow

Added: 02/21/2007 CVE: CVE-2007-0325 BID: 22585 OSVDB: 33040 Background Trend Micro OfficeScan is a centralized virus and security scan management system. Problem The OfficeScan Web-Deployment SetupINICtrl ActiveX control, which is vulnerable to buffer overflows in multiple methods, is...

9.3CVSS6.7AI score0.34006EPSS
Exploits6
Saint
Saint
•added 2007/02/02 12:0 a.m.•44 views

BrightStor ARCserve LGServer buffer overflow

Added: 02/02/2007 CVE: CVE-2007-0449 BID: 22342 OSVDB: 31593 Background BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections. Problem A buffer overflow vulnerability in BrightStor ARCserve Backup for...

10CVSS7.8AI score0.7924EPSS
Exploits7
Saint
Saint
•added 2006/12/29 12:0 a.m.•44 views

NetMail IMAP APPEND command buffer overflow

Added: 12/29/2006 CVE: CVE-2006-6425 BID: 21723 OSVDB: 31362 Background Novell NetMail is an e-mail and calendaring server application. Problem A buffer overflow in the NetMail IMAP service allows remote, authenticated attackers to execute arbitrary commands by sending a long, specially crafted...

9CVSS7.7AI score0.58474EPSS
Exploits7
Saint
Saint
•added 2006/11/17 12:0 a.m.•44 views

Microsoft XMLHTTP ActiveX control setRequestHeader vulnerability

Added: 11/17/2006 CVE: CVE-2006-5745 BID: 20915 OSVDB: 30208 Background Microsoft XML Core Services includes the XMLHTTP ActiveX control, which allows web pages to send and receive XML data. Problem A memory corruption vulnerability in the XMLHTTP ActiveX control allows command execution when a...

7.6CVSS6.7AI score0.75946EPSS
Exploits7
Saint
Saint
•added 2006/11/16 12:0 a.m.•44 views

Microsoft Client Service for NetWare tree name buffer overflow

Added: 11/16/2006 CVE: CVE-2006-4688 BID: 20984 OSVDB: 30260 Background The Client Service for NetWare, also known as the Gateway Service for NetWare, allows Windows users to access NetWare file, print, and directory services. It is available with Microsoft Windows operating systems but is not...

7.5CVSS7.5AI score0.76878EPSS
Exploits11
Saint
Saint
•added 2006/07/26 12:0 a.m.•44 views

CS-MARS JBoss jmx-console access

Added: 07/26/2006 CVE: CVE-2006-3733 BID: 19075 OSVDB: 27419 Background The Cisco Security Monitoring, Analysis, and Response System CS-MARS recognizes and correlates network attacks. Problem CS-MARS includes the JBoss web application server with insufficient access control to the jmx-console...

7.5CVSS7.1AI score0.1176EPSS
Exploits4
Saint
Saint
•added 2006/04/14 12:0 a.m.•44 views

VERITAS NetBackup vnetd bpspsserver buffer overflow

Added: 04/14/2006 CVE: CVE-2006-0991 BID: 17264 OSVDB: 24170 Background VERITAS NetBackup is a backup and recovery solution for multiple platforms. Problem A buffer overflow in bpspsserver allows a remote attacker to execute arbitrary commands by sending a specially crafted Request Service messag...

7.1CVSS7.8AI score0.10972EPSS
Exploits4
Total number of security vulnerabilities4305