Lucene search
K
SaintMost viewed

4305 matches found

Saint
Saint
•added 2021/04/09 12:0 a.m.•43 views

Google Chrome SimplifiedLowering bug

Added: 04/09/2021 Background Google Chrome is a web browser application available for multiple platforms. Problem A bug in the SimplifiedLowering function can potentially lead to a heap overflow which can be exploited to execute arbitrary commands when a user opens a malicious web page. Resolutio...

8.2AI score
Exploits0
Saint
Saint
•added 2015/07/16 12:0 a.m.•43 views

Accellion FTA getStatus command injection

Added: 07/16/2015 CVE: CVE-2015-2857 Background The Accellion File Transfer Appliance is a solution for secure file sharing. Problem A command injection vulnerability allows remote attackers to execute arbitrary commands contained in the oauthtoken parameter to the getStatus action. Resolution...

9.2CVSS10AI score0.84178EPSS
Exploits12
Saint
Saint
•added 2015/02/18 12:0 a.m.•43 views

HP Data Protector Windows Unauthenticated Remote Code Execution

Added: 02/18/2015 CVE: CVE-2014-2623 BID: 68672 OSVDB: 109069 Background HP Data Protector is a backup solution for enterprise and distributed environments. Data Protector Manager listens on port 5555/TCP. Problem HP Data Protector is vulnerable to remote unauthenticated arbitrary command executi...

10CVSS9.8AI score0.89394EPSS
Exploits20
Saint
Saint
•added 2014/07/24 12:0 a.m.•43 views

Microsoft Word RTF Object Confusion

Added: 07/24/2014 CVE: CVE-2014-1761 BID: 66385 OSVDB: 104895 Background Microsoft Office Word is Microsoft's word processing software, released as a component of Microsoft Office suite. Problem A buffer overflow exists due to an error in processing RTF files. The flaw is triggered by supplying a...

9.3CVSS7.9AI score0.7746EPSS
Exploits10
Saint
Saint
•added 2014/04/17 12:0 a.m.•43 views

Internet Explorer CMarkup Object Handling Use-after-free Vulnerability

Added: 04/17/2014 CVE: CVE-2014-0322 BID: 65551 OSVDB: 103354 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Microsoft Internet Explorer 9 and 10 contain a use-after-free vulnerability in the CMarkup component of the MSHTML...

9.3CVSS9.1AI score0.85239EPSS
Exploits23
Saint
Saint
•added 2014/01/10 12:0 a.m.•43 views

vTiger CRM AddEmailAttachment arbitrary file upload

Added: 01/10/2014 CVE: CVE-2013-3214 BID: 61558 OSVDB: 95902 Background vTiger CRM is a customer relationship management application written in PHP. Problem An arbitrary file upload vulnerability when handling SOAP AddEmailAttachment requests allows remote attackers to execute arbitrary commands ...

10AI score0.84535EPSS
Exploits13
Saint
Saint
•added 2013/11/25 12:0 a.m.•43 views

PineApp Mail-SeCure confnetworking.html nsserver command execution

Added: 11/25/2013 CVE: CVE-2013-6830 BID: 63817 OSVDB: 100029 Background PineApp Mail-SeCure is an e-mail security appliance which provides perimeter security protection to stop threats prior to their penetration of the customer's network, as well as post-perimeter anti-spam content inspection...

7.5CVSS7.5AI score0.08929EPSS
Exploits5
Saint
Saint
•added 2013/11/18 12:0 a.m.•43 views

Symantec Altiris DS SQL injection

Added: 11/18/2013 CVE: CVE-2008-2286 BID: 29198 OSVDB: 45313 Background Altiris Deployment Solution DS is software for managing the configuration of machines on a network. Problem An SQL injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...

7.5CVSS8.1AI score0.32678EPSS
Exploits9
Saint
Saint
•added 2013/10/03 12:0 a.m.•43 views

HP ProCurve Manager SNAC UpdateCertificatesServlet FileName Vulnerability

Added: 10/03/2013 CVE: CVE-2013-4812 BID: 62348 OSVDB: 97155 Background HP ProCurve Manager PCM is a secure, advanced Windows-based network management platform that allows administrators to configure, update, monitor, and troubleshoot ProCurve devices centrally. Problem The SNAC registration serv...

10CVSS7.1AI score0.51903EPSS
Exploits10
Saint
Saint
•added 2013/09/12 12:0 a.m.•43 views

Windows Crafted Theme File Handling Vulnerability

Added: 09/12/2013 CVE: CVE-2013-0810 BID: 62176 OSVDB: 97136 Background Microsoft Windows themes are a combination of personalization settings that change how the user's desktop looks and sounds. A theme could specify user settings such as the desktop background, window border color, sounds, and...

9.3CVSS8AI score0.59885EPSS
Exploits10
Saint
Saint
•added 2013/09/04 12:0 a.m.•43 views

Oracle Endeca Server createDataStore method command execution

Added: 09/04/2013 CVE: CVE-2013-3763 BID: 61217 OSVDB: 95269 Background Oracle Endeca Server is a hybrid search-analytical database. Problem A vulnerability in the controlSoapBinding service allows remote attackers to execute arbitrary commands by sending a request for the createDataStore method...

5.5CVSS7.2AI score0.5984EPSS
Exploits8
Saint
Saint
•added 2013/08/08 12:0 a.m.•43 views

Corel PDF Fusion XPS File ZIP Directory Vulnerability

Added: 08/08/2013 CVE: CVE-2013-3248 BID: 61010 OSVDB: 94933 Background Corel PDF Fusion is a software application used to assemble, edit and create PDFs from more than 100 different file types by dragging and dropping them onto the Welcome Screen. It allows adding new text, bookmarks and comment...

9.3CVSS7.4AI score0.18483EPSS
Exploits8
Saint
Saint
•added 2013/06/03 12:0 a.m.•43 views

Internet Explorer VML Dashstyle Attributes Integer Overflow

Added: 06/03/2013 CVE: CVE-2013-2551 BID: 58570 OSVDB: 91197 Background Vector Markup Language VML is an XML-based format for vector graphics. Problem An integer overflow vulnerability in vml.dll when processing dashstyle attributes of certain VML elements in a web page allows arbitrary command...

9.3CVSS8.5AI score0.74096EPSS
Exploits9
Saint
Saint
•added 2013/04/29 12:0 a.m.•43 views

3S CoDeSys Gateway Server Crafted Packet Stack Overflow

Added: 04/29/2013 CVE: CVE-2012-4708 BID: 58032 OSVDB: 90371 Background Smart Software Solutions GmbH 3S manufactures CoDeSys Gateway Server, a Supervisory Control and Data Acquisition/Human-Machine Interface SCADA/HMI product. The Gateway Server listens on TCP port 1211. Problem 3S CoDeSys Gatew...

10CVSS6.6AI score0.07427EPSS
Exploits4
Saint
Saint
•added 2013/04/24 12:0 a.m.•43 views

Java Runtime Environment Hotspot final field vulnerability

Added: 04/24/2013 CVE: CVE-2013-2423 BID: 59162 OSVDB: 92348 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...

4.3CVSS9.5AI score0.85333EPSS
Exploits6
Saint
Saint
•added 2013/04/05 12:0 a.m.•43 views

HP Intelligent Management Center mibFileUpload Servlet Unrestricted File Creation

Added: 04/05/2013 CVE: CVE-2012-5201 BID: 58385 OSVDB: 91026 Background HP Intelligent Management Center IMC, also known as HP iNode Management Center, is a comprehensive management platform for delivering integrated, modular network management capabilities. Problem HP IMC 5.1 E0202 and earlier i...

10CVSS7.7AI score0.63744EPSS
Exploits8
Saint
Saint
•added 2013/04/05 12:0 a.m.•43 views

HP Intelligent Management Center mibFileUpload Servlet Unrestricted File Creation

Added: 04/05/2013 CVE: CVE-2012-5201 BID: 58385 OSVDB: 91026 Background HP Intelligent Management Center IMC, also known as HP iNode Management Center, is a comprehensive management platform for delivering integrated, modular network management capabilities. Problem HP IMC 5.1 E0202 and earlier i...

10CVSS7.7AI score0.63744EPSS
Exploits8
Saint
Saint
•added 2013/01/25 12:0 a.m.•43 views

rsh Excessive Trust Vulnerability

Added: 01/25/2013 CVE: CVE-1999-0515 Background The rsh service allows remote users, using an rsh client, to execute individual shell commands on an rsh server without the need for a password. The rsh process uses the .rhosts file to list trusted hosts those machines allowed to use the service...

10CVSS8AI score0.04635EPSS
Exploits4
Saint
Saint
•added 2012/12/17 12:0 a.m.•43 views

CYME ChartFX ActiveX ShowPropertiesDialog pageNumber indexing error

Added: 12/17/2012 BID: 55765 OSVDB: 85894 Background The CYME Power Engineering Software is a suite of applications for power engineers. It includes the ChartFX ActiveX control. Problem An indexing error in ChartFX.ClientServer.Core.dll of the ChartFX ActiveX Control allows command execution when...

0.4AI score
Exploits0
Saint
Saint
•added 2012/08/27 12:0 a.m.•43 views

Adobe Flash Player OpenType Font Integer Overflow

Added: 08/27/2012 CVE: CVE-2012-1535 BID: 55009 OSVDB: 84607 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem Adobe Flash Player 11.3.300.270 and earlier on Windows is vulnerable to remote code execution via an integer overflow...

9.3CVSS8.3AI score0.70384EPSS
Exploits11
Saint
Saint
•added 2012/07/16 12:0 a.m.•43 views

Apple QuickTime QTVRStringAtom stringLength Parameter QTVR Movie File Handling

Added: 07/16/2012 CVE: CVE-2012-0667 BID: 53583 OSVDB: 81938 Background QuickTime is a media player for Windows and Mac OS platforms. Problem Apple QuickTime 7.7.1 and earlier versions are vulnerable to remote code execution if the user is persuaded to open a specially crafted QTVR movie file. Th...

9.3CVSS7AI score0.03442EPSS
Exploits6
Saint
Saint
•added 2012/06/18 12:0 a.m.•43 views

Microsoft .NET Framework Memory Access Vulnerability

Added: 06/18/2012 CVE: CVE-2012-1855 BID: 53861 OSVDB: 82859 Background The .NET Framework is a software framework for Microsoft Windows. It includes a large class library that provides user interface, data access, database connectivity, cryptography, web application development, numeric...

9.3CVSS7.4AI score0.20496EPSS
Exploits4
Saint
Saint
•added 2012/06/11 12:0 a.m.•43 views

GIMP Script-Fu Server Buffer Overflow

Added: 06/11/2012 CVE: CVE-2012-2763 BID: 53741 OSVDB: 82429 Background The GNU Image Manipulation Program GIMP is free software for tasks such as photo retouching, image composition, and image authoring. Problem The vulnerability is due improper boundary checking within the Script-Fu server...

7.5CVSS8AI score0.81722EPSS
Exploits14
Saint
Saint
•added 2012/04/27 12:0 a.m.•43 views

LANDesk ThinkManagement Suite ServerSetup.asmx Directory Traversal

Added: 04/27/2012 CVE: CVE-2012-1195 BID: 52023 OSVDB: 79276 Background LANDesk Lenovo ThinkManagement Console provides hardware discovery, comprehensive inventory, and reporting for Lenovo systems. Problem LANDesk Lenovo ThinkManagement Console runs a web application under the Microsoft IIS web...

7.5CVSS6.2AI score0.68399EPSS
Exploits11
Saint
Saint
•added 2012/01/26 12:0 a.m.•43 views

HP Diagnostics Server magentservice.exe Integer Wrap

Added: 01/26/2012 CVE: CVE-2011-4789 BID: 51398 OSVDB: 78309 Background HP Diagnostics software monitors application transaction health in traditional, virtualized and cloud environments. Problem A vulnerability exists in the way the magentservice.exe service handles network requests. Subtraction...

10CVSS6.8AI score0.64803EPSS
Exploits8
Saint
Saint
•added 2011/11/14 12:0 a.m.•43 views

Novell ZENworks LaunchHelp.dll ActiveX Control LaunchProcess Code Execution

Added: 11/14/2011 CVE: CVE-2011-2657 BID: 50274 OSVDB: 76700 Background Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a...

6.8CVSS7.1AI score0.48366EPSS
Exploits10
Saint
Saint
•added 2011/11/08 12:0 a.m.•43 views

Microsoft Excel Substream Parsing Integer Overflow

Added: 11/08/2011 CVE: CVE-2011-0097 OSVDB: 71758 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem Microsoft Excel 2007 versions lacking the patch KB2464583 detailed in Microsoft Security Advisory...

9.3CVSS7.2AI score0.38221EPSS
Exploits5
Saint
Saint
•added 2011/10/24 12:0 a.m.•43 views

Apple Safari libxslt File Create

Added: 10/24/2011 CVE: CVE-2011-1774 BID: 48840 OSVDB: 74017 Background Safari is a web browser for Mac OS X and Windows. Problem Safari versions prior to 5.0.6 use unsafe security settings when implementing libxslt. An attacker may leverage this weakness by creating a web page that references a...

8.8CVSS6.8AI score0.43195EPSS
Exploits11
Saint
Saint
•added 2011/09/13 12:0 a.m.•43 views

Firefox sensor.dll Insecure Library Loading

Added: 09/13/2011 CVE: CVE-2011-2980 BID: 49217 OSVDB: 74583 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem A library loading vulnerability in Mozilla Firefox and Thunderbird allows arbitrary command execution when a user...

7.2CVSS9.7AI score0.00294EPSS
Exploits5
Saint
Saint
•added 2011/09/12 12:0 a.m.•43 views

RealNetworks RealPlayer QCP Parsing

Added: 09/12/2011 CVE: CVE-2011-2950 BID: 49172 OSVDB: 74549 Background RealPlayer is a media player application which can play back various multimedia file formats, including QCP audio files. The QCP file format is frequently used to provide ring tones and to record voice for cellular telephones...

9.3CVSS6.6AI score0.28612EPSS
Exploits8
Saint
Saint
•added 2011/09/06 12:0 a.m.•43 views

Microsoft Internet Explorer Time Element Memory Corruption

Added: 09/06/2011 CVE: CVE-2011-1255 BID: 48206 OSVDB: 72947 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. The HTML+Time Timed Interactive Multimedia Extensions helps to add timed, animated, multimedia content to HTML documents. Problem...

9.3CVSS6.5AI score0.42103EPSS
Exploits5
Saint
Saint
•added 2011/08/05 12:0 a.m.•43 views

Oracle Outside In CDR File Parser Stack Buffer Overflow

Added: 08/05/2011 CVE: CVE-2011-2264 BID: 48766 OSVDB: 73912 Background Oracle Outside In is a suite of Software Development Kits SDKs and tools that provide functionality for reading and writing many different file formats. The Outside In SDK is embedded by multiple client and server products th...

4.4CVSS6.1AI score0.31114EPSS
Exploits4
Saint
Saint
•added 2011/05/26 12:0 a.m.•43 views

VLC Media Player Libmodplug CSoundFile::ReadS3M() Function S3M File Handling Overflow

Added: 05/26/2011 CVE: CVE-2011-1574 OSVDB: 72143 Background VideoLAN VLC media player is a media player supporting various audio and video formats for multiple platforms. Problem VLC media player is vulnerable to a stack buffer overflow because the ReadS3M function in libmodplug fails to properl...

6.8CVSS7.2AI score0.42941EPSS
Exploits8
Saint
Saint
•added 2011/05/05 12:0 a.m.•43 views

Oracle Java Applet2ClassLoader Vulnerability

Added: 05/05/2011 CVE: CVE-2010-4452 BID: 46388 OSVDB: 71193 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

10CVSS9.6AI score0.8316EPSS
Exploits11
Saint
Saint
•added 2011/03/30 12:0 a.m.•43 views

Adobe Reader Flash AVM2 Memory Corruption

Added: 03/30/2011 CVE: CVE-2011-0609 BID: 46860 OSVDB: 71254 Background Adobe Reader is free software for viewing PDF documents. Problem Adobe Reader 9.x is vulnerable to a remote code execution vulnerability as a result of parsing flash content by the bundled Adobe Flash Player. Resolution Updat...

9.3CVSS8.3AI score0.66821EPSS
Exploits8
Saint
Saint
•added 2010/12/28 12:0 a.m.•43 views

HP Power Manager formLogin buffer overflow

Added: 12/28/2010 CVE: CVE-2010-4113 OSVDB: 69969 Background HP Power Manager is a web-based application that enables administrators to manage an HP UPS from a browser-based management console. Problem A buffer overflow vulnerability in the Administration interface allows remote attackers to...

9.3CVSS7.7AI score0.09722EPSS
Exploits4
Saint
Saint
•added 2010/12/01 12:0 a.m.•43 views

Microsoft Excel Drawing Exception Handling vulnerability

Added: 12/01/2010 CVE: CVE-2010-3335 BID: 44659 OSVDB: 69087 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem A use-after-free vulnerability during exception handling in Microsoft Office allows comman...

9.3CVSS7.7AI score0.23915EPSS
Exploits5
Saint
Saint
•added 2010/11/16 12:0 a.m.•43 views

Adobe Flash Player Flash Content Parsing Code Execution

Added: 11/16/2010 CVE: CVE-2010-3654 BID: 44504 OSVDB: 68932 Background Adobe Reader is free software for viewing PDF documents. Problem Adobe Reader 9.x is vulnerable to a remote code execution vulnerability as a result of parsing flash content by the bundled Adobe Flash Player. Resolution Apply...

9.3CVSS8AI score0.69679EPSS
Exploits14
Saint
Saint
•added 2010/09/30 12:0 a.m.•43 views

Oracle Secure Backup Administration property_box.php objectname command injection

Added: 09/30/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 66340 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A vulnerability in the propertybox.php script allows remote attackers to inject arbitrary commands via the objectname paramete...

9CVSS6.5AI score0.02243EPSS
Exploits12
Saint
Saint
•added 2010/07/01 12:0 a.m.•43 views

HP OpenView Network Node Manager snmpviewer.exe CGI Stack Buffer Overflow

Added: 07/01/2010 CVE: CVE-2010-1552 BID: 40068 OSVDB: 64975 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A stack buffer overflow vulnerability in HP Openview NNM allows remote attackers to execute arbitrary commands by sending...

10CVSS7.7AI score0.68892EPSS
Exploits9
Saint
Saint
•added 2010/05/28 12:0 a.m.•43 views

Apple Safari parent.close() Invalid Pointer Code Execution

Added: 05/28/2010 CVE: CVE-2010-1939 BID: 39990 OSVDB: 64482 Background Safari is a web browser for Mac OS X and Windows. Problem Apple Safari 4.0.5 for Windows and probably earlier allows remote attackers to execute arbitrary code by enticing the user to open a crafted HTML document. The crafted...

7.6CVSS6.9AI score0.14708EPSS
Exploits5
Saint
Saint
•added 2010/04/30 12:0 a.m.•43 views

Microsoft Publisher File Conversion Textbox buffer overflow

Added: 04/30/2010 CVE: CVE-2010-0479 BID: 39347 OSVDB: 63748 Background Microsoft Office Publisher, part of the Microsoft Office suite, is a product for creating publications and marketing materials. Problem A buffer overflow vulnerability allows command execution when a user loads a Publisher 97...

9.3CVSS6.7AI score0.23415EPSS
Exploits5
Saint
Saint
•added 2010/04/02 12:0 a.m.•43 views

Internet Explorer iepeers.dll use-after-free vulnerability

Added: 04/02/2010 CVE: CVE-2010-0806 BID: 38615 OSVDB: 62810 Background The iepeers.dll component of Internet Explorer provides support for Web Folders and printing. Problem A vulnerability in iepeers.dll allows a specially crafted web page to cause a pointer to be used after it has been freed,...

9.3CVSS8.1AI score0.82172EPSS
Exploits15
Saint
Saint
•added 2010/03/11 12:0 a.m.•43 views

Microsoft Excel DbOrParamQry memory corruption

Added: 03/11/2010 CVE: CVE-2010-0264 BID: 38555 OSVDB: 62823 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem A memory corruption vulnerability in Microsoft Excel allows command execution when a user...

9.3CVSS7.8AI score0.21221EPSS
Exploits5
Saint
Saint
•added 2010/02/16 12:0 a.m.•43 views

Eureka Email POP3 Error Stack Buffer Overflow

Added: 02/16/2010 CVE: CVE-2009-3837 OSVDB: 59262 Background Eureka Email is an e-mail client with built-in junk e-mail filtering. Problem A malicious POP3 mail server can send a long error message to the Eureka Email client, causing a stack buffer overflow. Resolution Upgrade when a fix becomes...

9.3CVSS6.6AI score0.32071EPSS
Exploits8
Saint
Saint
•added 2009/12/22 12:0 a.m.•43 views

HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow

Added: 12/22/2009 CVE: CVE-2009-4179 BID: 37261 OSVDB: 60930 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow in the ovalarm.exe CGI program allows command execution when an attacker sends an HTTP request to this...

10CVSS6.8AI score0.66973EPSS
Exploits8
Saint
Saint
•added 2009/09/01 12:0 a.m.•43 views

Oracle Secure Backup property_box.php type parameter command execution

Added: 09/01/2009 CVE: CVE-2009-1978 BID: 35678 OSVDB: 55904 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command execution vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary...

9CVSS7.2AI score0.64694EPSS
Exploits13
Saint
Saint
•added 2009/07/30 12:0 a.m.•43 views

Visual Studio Active Template Library uninitialized object

Added: 07/30/2009 CVE: CVE-2009-0901 BID: 35832 OSVDB: 56696 Background Microsoft Visual Studio is a product to assist with software development in the Windows operating system. Visual Studio uses Microsoft Active Template Library ATL, which is a set of template-based C++ classes, to help simplif...

9.3CVSS7.8AI score0.36608EPSS
Exploits5
Saint
Saint
•added 2009/07/30 12:0 a.m.•43 views

Visual Studio Active Template Library uninitialized object

Added: 07/30/2009 CVE: CVE-2009-0901 BID: 35832 OSVDB: 56696 Background Microsoft Visual Studio is a product to assist with software development in the Windows operating system. Visual Studio uses Microsoft Active Template Library ATL, which is a set of template-based C++ classes, to help simplif...

9.3CVSS7.8AI score0.36608EPSS
Exploits5
Saint
Saint
•added 2009/07/13 12:0 a.m.•43 views

Mozilla Firefox JIT Escape Function Memory Corruption

Added: 07/13/2009 CVE: CVE-2009-2477 BID: 35660 OSVDB: 55846 Background Mozilla is a suite of Internet client products available for multiple platforms. Problem A memory corruption vulnerability in Mozilla Firefox in the way it handles JIT escape function calls allows arbitrary code injection and...

9.3CVSS9.8AI score0.42689EPSS
Exploits9
Total number of security vulnerabilities4305