4305 matches found
Oracle Secure Backup login.php ora_osb_lcookie command execution
Added: 06/22/2009 CVE: CVE-2008-4006 BID: 33177 OSVDB: 51343 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command execution vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary...
Oracle Secure Backup login.php ora_osb_lcookie command execution
Added: 06/22/2009 CVE: CVE-2008-4006 BID: 33177 OSVDB: 51343 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command execution vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary...
Novell GroupWise Internet Agent e-mail address buffer overflow
Added: 06/05/2009 CVE: CVE-2009-1636 BID: 35064 OSVDB: 54645 Background Novell GroupWise is an e-mail and collaboration product suite. Problem A buffer overflow vulnerability allows a remote attacker to execute arbitrary commands by sending a message containing a specially crafted e-mail address ...
Adobe Reader Javascript API getAnnots method vulnerability
Added: 05/29/2009 CVE: CVE-2009-1492 BID: 34736 OSVDB: 54130 Background Adobe Reader is free software for viewing PDF documents. Problem A vulnerability in the Javascript API allows command execution when a user opens a PDF file which calls the getAnnots method with specially crafted arguments...
Symantec Alert Management System Intel File Transfer service command execution
Added: 05/06/2009 CVE: CVE-2009-1431 BID: 34675 OSVDB: 54160 Background The Symantec Alert Management System 2 AMS2 is used by multiple Symantec products. The Intel File Transfer service is a component of AMS2 which is used to aid communication between the core server and managed clients. It...
Citect SCADA ODBC Service Overflow
Added: 03/10/2009 CVE: CVE-2008-2639 BID: 29634 OSVDB: 46105 Background The CitectSCADA and CitectFacilities applications include ODBC server capabilities to provide remote SQL access to a relational database. The ODBC Server component listens on port 20222/tcp by default. Problem A buffer overfl...
Oracle Secure Backup login.php rbtool command injection
Added: 01/20/2009 CVE: CVE-2008-5448 BID: 33177 OSVDB: 51342 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command injection vulnerability in the Oracle Secure Backup web interface allows a remote attacker to execute arbitrary...
Microsoft Excel TXO and OBJ record parsing memory corruption
Added: 12/18/2008 CVE: CVE-2008-4265 BID: 32618 OSVDB: 50556 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem A memory corruption vulnerability allows command execution when a user opens an Excel...
Adobe Acrobat util.printf JavaScript function buffer overflow
Added: 11/10/2008 CVE: CVE-2008-2992 BID: 30035 OSVDB: 49520 Background Adobe Acrobat is software for creating PDF documents. Problem A buffer overflow vulnerability allows command execution when a user opens a PDF file which calls the util.printf JavaScript function with a specially crafted form...
Apache Tomcat JK Web Server Connector URI worker map buffer overflow
Added: 07/30/2008 CVE: CVE-2007-0774 BID: 22791 OSVDB: 33855 Background Apache Tomcat is a Java web application platform which can run under various types of web servers. The JK Web Server Connector modjk is used for communication between Tomcat and the web server. Problem A buffer overflow in a...
Oracle WebLogic Server Apache Connector POST buffer overflow
Added: 07/25/2008 CVE: CVE-2008-3257 BID: 30273 OSVDB: 47096 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A buffer overflow in the Apache Connector for WebLogic Server allows remote attackers to execute arbitrary commands by sending a...
HP OpenView Network Node Manager connectedNodes.ovpl command execution
Added: 07/02/2008 CVE: CVE-2005-2773 BID: 14662 OSVDB: 19057 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A command injection vulnerability in the connectedNodes.ovpl CGI script allows remote attackers to execute arbitrary comman...
OpenOffice OLE importer DocumentSummaryInformation buffer overflow
Added: 06/20/2008 CVE: CVE-2008-0320 BID: 28819 OSVDB: 44472 Background OpenOffice is a free productivity suite for multiple platforms. OpenOffice includes an importer for Microsoft's Object Linking and Embedding OLE framework. Problem A buffer overflow vulnerability in the OLE importer allows...
Facebook PhotoUploader ActiveX control ExtractIptc buffer overflow
Added: 05/19/2008 CVE: CVE-2008-0660 BID: 27576 OSVDB: 41073 Background Facebook PhotoUploader is an ActiveX control which allows uploading of photos to the Facebook web site. It uses the Aurigma ImageUploader product. Problem A buffer overflow vulnerability in Facebook PhotoUploader allows comma...
Motorola Timbuktu login request buffer overflow
Added: 05/15/2008 CVE: CVE-2007-4221 BID: 25454 OSVDB: 40124 Background Motorola Timbuktu is remote control software for Windows and Mac. It runs a service which listens for connections on port 407/TCP or 407/UDP. Problem A buffer overflow vulnerability when processing login requests allows remot...
Computer Associates Alert Notification Server opcode 23 buffer overflow
Added: 04/25/2008 CVE: CVE-2007-4620 BID: 28605 OSVDB: 44040 Background The Alert Notification Server is included with multiple Computer Associates products to provide notifications to console users. Problem The Alert Notification Server is affected by buffer overflow vulnerabilities in multiple...
Cisco Secure ACS UCP CSuserCGI.exe buffer overflow
Added: 04/07/2008 CVE: CVE-2008-0532 BID: 28222 OSVDB: 42961 Background Cisco Secure Access Control Server ACS is a centralized user access control framework which can be used with routers, switches, firewalls, VPNs, and other devices. User Changeable Passwords UCP, a utility implemented by Cisco...
Adobe Flash Player ActionScript launch command execution
Added: 01/07/2008 CVE: CVE-2008-5499 BID: 32896 OSVDB: 50796 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem An input validation vulnerability allows command execution when the browser loads an SWF file which contains shell...
Trend Micro ServerProtect SpntSvc RPC buffer overflow
Added: 09/21/2007 CVE: CVE-2007-4218 BID: 25395 OSVDB: 39753 Background ServerProtect is a virus scanner for servers. The Trend Micro ServerProtect service SpntSvc.exe handles RPC requests on port 5168/TCP. Problem Buffer overflow vulnerabilities in the Trend Micro ServerProtect service allow...
Windows rshd buffer overflow
Added: 08/03/2007 CVE: CVE-2007-4006 BID: 25044 OSVDB: 38572 Background The Windows implementation of RSHD is a remote shell daemon which has been adapted to run on Windows platforms. Problem A buffer overflow vulnerability in the Windows implementation of RSHD allows remote attackers to execute...
SupportSoft tgctlsi.dll ActiveX control buffer overflow
Added: 03/15/2007 CVE: CVE-2006-6490 BID: 22564 OSVDB: 33481 Background SupportSoft ActiveX controls are used by third-party products to provide remote technical support. Problem SupportSoft ActiveX controls are affected by multiple buffer overflow vulnerabilities which can lead to command...
Trend Micro ServerProtect ENG_SetRealTimeScanConfigInfo buffer overflow
Added: 03/07/2007 CVE: CVE-2007-1070 BID: 22639 OSVDB: 33042 Background Trend Micro ServerProtect is a virus scanner for servers. Problem A buffer overflow vulnerability in the ENGSetRealTimeScanConfigInfo function allows remote attackers to execute arbitrary commands by sending a specially craft...
Microsoft Help Workshop .HPJ file HLP field buffer overflow
Added: 01/26/2007 CVE: CVE-2007-0427 BID: 22135 OSVDB: 31899 Background Microsoft Help Workshop is a standard component of Microsoft Visual Studio and is also available as a standalone product. Problem A buffer overflow vulnerability in Microsoft Help Workshop allows command execution when a user...
Novell Client nwspool.dll buffer overflow
Added: 12/01/2006 CVE: CVE-2006-5854 BID: 21220 OSVDB: 30547 Background Novell Client software provides NetWare connectivity to Windows platforms. Problem The nwspool.dll library in Novell Client is affected by buffer overflows in the EnumPrinters and OpenPrinter functions, allowing remote...
Microsoft SSL library PCT buffer overflow
Added: 10/13/2006 CVE: CVE-2003-0719 BID: 10116 OSVDB: 5250 Background The Microsoft Secure Sockets Layer SSL library provides support for a number of secure communication protocols, including the Private Communication Technology PCT protocol. Since PCT has been superceded by SSL 3.0, the Microso...
IMail SMTP RCPT TO buffer overflow
Added: 09/29/2006 CVE: CVE-2006-4379 BID: 19885 OSVDB: 28576 Background IMail is an e-mail server for Windows platforms. Problem A buffer overflow vulnerability in the SMTP daemon allows remote command execution by sending a RCPT TO argument containing a long string between @ and : characters...
Windows Server Service buffer overflow
Added: 08/11/2006 CVE: CVE-2006-3439 BID: 19409 OSVDB: 27845 Background The Windows Server Service supports file, print, and named-pipe sharing over the network. Problem A buffer overflow vulnerability in the Windows Server Service allows remote attackers to execute arbitrary commands. Resolution...
BASE base_qry_common.php file include
Added: 06/23/2006 CVE: CVE-2006-2685 BID: 18298 OSVDB: 25770 Background Snort is an open-source intrusion detection system. The Basic Analysis and Security Engine BASE is a web interface for analyzing Snort results. Problem If the registerglobals PHP option is enabled, the baseqrycommon.php scrip...
Mozilla Firefox GIF processing buffer overflow
Added: 06/09/2006 CVE: CVE-2005-0399 BID: 12881 OSVDB: 14937 Background Mozilla is a suite of Internet client products available for multiple platforms. Problem A heap overflow in Mozilla Firefox when processing GIF images with the obsolete Netscape extension 2 allows command execution when a use...
VERITAS NetBackup vnetd bpspsserver buffer overflow
Added: 04/14/2006 CVE: CVE-2006-0991 BID: 17264 OSVDB: 24170 Background VERITAS NetBackup is a backup and recovery solution for multiple platforms. Problem A buffer overflow in bpspsserver allows a remote attacker to execute arbitrary commands by sending a specially crafted Request Service messag...
Windows RPC DCOM interface buffer overflow
Added: 04/04/2006 CVE: CVE-2003-0352 BID: 8205 OSVDB: 2100 Background The Distributed Component Object Model is a technology in Microsoft Windows operating systems which allows software components to communicate. Remote Procedure Call RPC is a protocol used to request a service from a program on...
Mozilla Firefox QueryInterface method memory corruption
Added: 02/10/2006 CVE: CVE-2006-0295 BID: 16476 OSVDB: 22893 Background Mozilla is a suite of Internet client products available for multiple platforms. Problem A memory corruption in the QueryInterface method of the Location and Navigator objects leads to command execution. Resolution Upgrade to...
Arkeia Type 77 Request buffer overflow
Added: 01/24/2006 CVE: CVE-2005-0491 BID: 12594 OSVDB: 14011 Background The Arkeia network backup software includes a daemon program called arkeiad which listens for connections on TCP port 617. Problem A buffer overflow in the processing of type 77 requests sent to the arkeiad listener allows...
Dell OpenManage Network Manager MySQL vulnerability
Added: 11/20/2018 BID: 105912 Background Dell OpenManage Network Manager is a product for monitoring and managing network devices. Problem Dell OpenManage Network Manager runs the MySQL database service with root privileges and enables default database accounts, allowing a remote attacker to writ...
SugarCRM REST deserialization vulnerability
Added: 09/23/2016 BID: 91413 Background SugarCRM is customer relationship management software written in PHP. Problem Improper use of the unserialize function inside the SugarRestSerialize.php script allows remote attackers to inject PHP objects, leading to arbitrary command execution. Resolution...
Wago Shell
Added: 03/31/2016 Background Wago PLCs are used in Factory and building automation. Wago ethernet PLCs are connected by IP and can be administered remotely. Problem Wago PLC devices use CoDeSyS protocols to program the device. If the programming ports are left open an attacker is able to upload,...
FireEye MPS JAR analyzer command execution
Added: 12/28/2015 BID: 78809 Background The FireEye Malware Protection System MPS detects and eliminates malware found on file shares, web downloads, and e-mail. Problem A vulnerability in the Java Archive analysis tool could allow command execution when the tool analyzes a specially crafted JAR...
Symantec Endpoint Protection Manager authentication bypass
Added: 08/26/2015 CVE: CVE-2015-1486 BID: 76074 Background Symantec Endpoint Protection, by Symantec Corporation, is an antivirus and personal firewall product designed to be centrally managed in corporate environments by the Symantec Endpoint Protection Manager SEPM. Problem Symantec Endpoint...
Mozilla Firefox XMLSerializer serializeToStream Use-after-free Vulnerability
Added: 10/17/2013 CVE: CVE-2013-0753 BID: 57209 OSVDB: 89021 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem Mozilla Firefox prior to 18.0 contains a use-after-free error in the XMLSerializer when the serializeToStream meth...
Internet Explorer Use-After-Free Memory Corruption (MS13-055)
Added: 10/09/2013 CVE: CVE-2013-3163 BID: 60975 OSVDB: 94981 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Microsoft Internet Explorer contains a use-after-free error which can lead to memory corruption in such a way as to allow...
HP System Management Homepage iprange Parameter Stack Buffer Overflow
Added: 09/09/2013 CVE: CVE-2013-2362 BID: 61337 OSVDB: 95489 Background HP System Management Homepage SMH is a web-based interface that consolidates the management of ProLiant and Integrity servers. Problem A stack buffer overflow vulnerability in HP SMH allows command execution when an attacker...
Oracle WebCenter Content CheckOutAndOpen.dll ActiveX Control Vulnerability
Added: 08/19/2013 CVE: CVE-2013-1559 BID: 59122 OSVDB: 92386 Background Oracle WebCenter Content is an open platform that allows users to create a vast range of content management applications. It consolidates unstructured content from across diverse systems so it can be centrally managed and the...
Oracle Java Serviceability Subcomponent ProviderSkeleton Class Vulnerability
Added: 07/11/2013 CVE: CVE-2013-2460 BID: 60635 OSVDB: 94346 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...
Internet Explorer textNode Style Computation Use After Free Vulnerability
Added: 06/17/2013 CVE: CVE-2013-1311 BID: 59752 OSVDB: 93296 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Internet Explorer 8 is vulnerable to remote code execution as a result of memory corruption when computations on the...
Internet Explorer CGenericElement Object Use-after-free Vulnerability
Added: 05/08/2013 CVE: CVE-2013-1347 BID: 59641 OSVDB: 92993 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem When Internet Explorer attempts to access an object in memory that has been deleted, it may corrupt memory in such a way...
3S Smart Software Solutions CoDeSys Gateway Server Directory Traversal
Added: 05/06/2013 CVE: CVE-2012-4705 BID: 59446 OSVDB: 90368 Background Smart Software Solutions GmbH 3S manufactures CoDeSys Gateway Server, a Supervisory Control and Data Acquisition/Human-Machine Interface SCADA/HMI product. The Gateway Server listens on TCP port 1211. Problem 3S CoDeSys Gatew...
3S Smart Software Solutions CoDeSys Gateway Server Directory Traversal
Added: 05/06/2013 CVE: CVE-2012-4705 BID: 59446 OSVDB: 90368 Background Smart Software Solutions GmbH 3S manufactures CoDeSys Gateway Server, a Supervisory Control and Data Acquisition/Human-Machine Interface SCADA/HMI product. The Gateway Server listens on TCP port 1211. Problem 3S CoDeSys Gatew...
HP Intelligent Management Center mibFileUpload Servlet Unrestricted File Creation
Added: 04/05/2013 CVE: CVE-2012-5201 BID: 58385 OSVDB: 91026 Background HP Intelligent Management Center IMC, also known as HP iNode Management Center, is a comprehensive management platform for delivering integrated, modular network management capabilities. Problem HP IMC 5.1 E0202 and earlier i...
Java JAX-WS statistics.impl package sandbox breach
Added: 02/07/2013 CVE: CVE-2012-5076 BID: 56054 OSVDB: 86350 Background Java API for XML Web Services JAX-WS is a technology for developing web services in Java. It is included in the Java EE 5 platform. Problem A vulnerability in JAX-WS when handling the...
HP Operations Agent for NonStop Server ELinkService HEALTH packet buffer overflow
Added: 10/26/2012 BID: 55161 OSVDB: 84854 Background HP Operations Agents is a fault and performance monitoring solution for servers. Problem A buffer overflow vulnerability in HP Operations Agent for NonStop server allows an attacker to execute arbitrary commands by sending a specially crafted...