Lucene search
K
SaintMost viewed

4305 matches found

Saint
Saint
•added 2012/10/22 12:0 a.m.•42 views

Avaya IP Office Customer Call Reporter ImageUpload.ashx file upload

Added: 10/22/2012 CVE: CVE-2012-3811 BID: 54225 OSVDB: 83399 Background Avaya IP Office is a unified communications solution for mobile workforce. Problem The ImageUpload.ashx script allows unauthenticated users to upload arbitrary script files to the webserver. The script files can then be...

10CVSS6.8AI score0.62876EPSS
Exploits8
Saint
Saint
•added 2012/08/27 12:0 a.m.•42 views

Adobe Flash Player OpenType Font Integer Overflow

Added: 08/27/2012 CVE: CVE-2012-1535 BID: 55009 OSVDB: 84607 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem Adobe Flash Player 11.3.300.270 and earlier on Windows is vulnerable to remote code execution via an integer overflow...

9.3CVSS8.3AI score0.70384EPSS
Exploits11
Saint
Saint
•added 2012/07/23 12:0 a.m.•42 views

HP Data Protector Express Opcode 0x320 Overflow

Added: 07/23/2012 CVE: CVE-2012-0121 BID: 52431 OSVDB: 80102 Background HP Data Protector Express is a backup and recovery solution for single machines and small networks. Problem A stack overflow vulnerability exists in dpwindtb.dll. Validation of parameters to Opcode 0x320 requests are not...

10CVSS7.1AI score0.10436EPSS
Exploits4
Saint
Saint
•added 2012/07/09 12:0 a.m.•42 views

Apple QuickTime TeXML Style Element Parsing Buffer Overflow

Added: 07/09/2012 CVE: CVE-2012-0663 BID: 53571 OSVDB: 81934 Background QuickTime is a media player for Windows and Mac OS platforms. Problem Apple QuickTime 7.7.1 and earlier versions are vulnerable to buffer overflow when parsing XML elements within a TeXML file. The QuickTime3GPP.qtx QuickTime...

9.3CVSS7.5AI score0.28623EPSS
Exploits9
Saint
Saint
•added 2012/07/03 12:0 a.m.•42 views

iTunes m3u Playlist Overflow

Added: 07/03/2012 CVE: CVE-2012-0677 BID: 53933 OSVDB: 82897 Background iTunes is a free media player for multiple platforms. Problem iTunes does not properly validate parameters for EXTINF: directives in m3u files. This results in an exploitable stack overflow. Resolution Upgrade to iTunes 10.6....

9.3CVSS6.2AI score0.15357EPSS
Exploits17
Saint
Saint
•added 2012/06/22 12:0 a.m.•42 views

Internet Explorer Same ID Property vulnerability

Added: 06/22/2012 CVE: CVE-2012-1875 BID: 53847 OSVDB: 82865 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem A vulnerability in Internet Explorer allows command execution when a user opens a specially crafted web page which causes...

9.3CVSS8.2AI score0.61655EPSS
Exploits11
Saint
Saint
•added 2012/02/22 12:0 a.m.•42 views

Sunway ForceControl SNMP NetDBServer Data Chunk Copy Buffer Overflow

Added: 02/22/2012 BID: 49747 OSVDB: 75798 Background Sunway ForceControl is a Chinese SCADA/HMI software application widely used in China to help run weapons systems, utilities and chemical plants. It is also used to a lesser extent in other countries, including the US. SNMP NetDBServer is one of...

Exploits0
Saint
Saint
•added 2012/01/26 12:0 a.m.•42 views

HP Diagnostics Server magentservice.exe Integer Wrap

Added: 01/26/2012 CVE: CVE-2011-4789 BID: 51398 OSVDB: 78309 Background HP Diagnostics software monitors application transaction health in traditional, virtualized and cloud environments. Problem A vulnerability exists in the way the magentservice.exe service handles network requests. Subtraction...

10CVSS6.8AI score0.64803EPSS
Exploits8
Saint
Saint
•added 2011/12/01 12:0 a.m.•42 views

Symantec Alert Management System AMSSendAlertAck Buffer Overflow

Added: 12/01/2011 CVE: CVE-2010-0110 BID: 45936 OSVDB: 72623 Background The Symantec Alert Management System 2 AMS2 is used by multiple Symantec products. It includes an Intel Alert Handler service hndlrsvc.exe. This service handles messages forwarded to it by the Alert Originator Manager...

7.9CVSS7.5AI score0.0513EPSS
Exploits12
Saint
Saint
•added 2011/11/04 12:0 a.m.•42 views

Netzip Classic ZIP file parsing buffer overflow

Added: 11/04/2011 BID: 46059 Background Netzip Classic is a Windows utility for downloading and decompressing files. Problem A buffer overflow vulnerability allows command execution when a user opens a specially crafted ZIP file and double-clicks on the file contained in it. Resolution Do not use...

7.8AI score
Exploits0
Saint
Saint
•added 2011/09/29 12:0 a.m.•42 views

Sunway ForceControl SNMP NetDBServer Signed Integer Buffer Overflow

Added: 09/29/2011 BID: 49747 OSVDB: 75798 Background Sunway ForceControl is a Chinese SCADA/HMI software application widely used in China to help run weapons systems, utilities and chemical plants. It is also used to a lesser extent in other countries, including the US. SNMP NetDBServer is one of...

Exploits0
Saint
Saint
•added 2011/09/12 12:0 a.m.•42 views

RealNetworks RealPlayer QCP Parsing

Added: 09/12/2011 CVE: CVE-2011-2950 BID: 49172 OSVDB: 74549 Background RealPlayer is a media player application which can play back various multimedia file formats, including QCP audio files. The QCP file format is frequently used to provide ring tones and to record voice for cellular telephones...

9.3CVSS6.6AI score0.28612EPSS
Exploits8
Saint
Saint
•added 2011/08/15 12:0 a.m.•42 views

Microsoft Excel SLK File Parsing Buffer Overflow

Added: 08/15/2011 CVE: CVE-2011-1276 BID: 48161 OSVDB: 72924 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem Microsoft Office Excel is vulnerable to remote code execution due to improper boundary...

9.3CVSS9.7AI score0.28222EPSS
Exploits10
Saint
Saint
•added 2011/08/08 12:0 a.m.•42 views

Oracle Java Runtime Environment Insecure File Loading

Added: 08/08/2011 OSVDB: 74330 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java application; it consists of the Java...

8AI score
Exploits0
Saint
Saint
•added 2011/08/08 12:0 a.m.•42 views

Oracle Java Runtime Environment Insecure File Loading

Added: 08/08/2011 OSVDB: 74330 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java application; it consists of the Java...

0.1AI score
Exploits0
Saint
Saint
•added 2011/07/27 12:0 a.m.•42 views

Mozilla Firefox nsTreeRange Use After Free

Added: 07/27/2011 CVE: CVE-2011-0073 BID: 47663 OSVDB: 72087 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem Mozilla Firefox and SeaMonkey are prone to a remote code execution vulnerability caused by accessing previously...

10CVSS9.9AI score0.70005EPSS
Exploits5
Saint
Saint
•added 2011/07/27 12:0 a.m.•42 views

Mozilla Firefox nsTreeRange Use After Free

Added: 07/27/2011 CVE: CVE-2011-0073 BID: 47663 OSVDB: 72087 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem Mozilla Firefox and SeaMonkey are prone to a remote code execution vulnerability caused by accessing previously...

10CVSS9.9AI score0.70005EPSS
Exploits5
Saint
Saint
•added 2011/06/30 12:0 a.m.•42 views

IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow

Added: 06/30/2011 CVE: CVE-2011-1213 BID: 48018 OSVDB: 72706 Background Lotus Notes is the client for Lotus Domino servers. Problem IBM Lotus Notes File Viewer is vulnerable to remote code execution as a result of a stack buffer overflow while parsing headers of LZH files. A remote, unauthenticat...

9.3CVSS7.4AI score0.32961EPSS
Exploits10
Saint
Saint
•added 2011/05/12 12:0 a.m.•42 views

CA Total Defense UNCWS DeleteReports SQL Injection

Added: 05/12/2011 CVE: CVE-2011-1653 BID: 47355 Background CA Total Defense is a combined host-based anti-virus, anti-spyware, firewall, and IPS solution. Problem CA Total Defense includes a web service management component, which in version r12 prior to SE2, fails to validate certain parameters...

10CVSS7.2AI score0.88655EPSS
Exploits12
Saint
Saint
•added 2010/12/14 12:0 a.m.•42 views

Microsoft Office FlashPix Image Converter Dictionary property buffer overflow

Added: 12/14/2010 CVE: CVE-2010-3951 BID: 45278 OSVDB: 69808 Background Microsoft Office is a package that provides word processing, spreadsheet, presentation, e-mail, and calendaring capabilities for Microsoft Windows workstations. The suite ships with a set of image processing helper libraries...

9.3CVSS7.7AI score0.25106EPSS
Exploits4
Saint
Saint
•added 2010/12/06 12:0 a.m.•42 views

Oracle Secure Backup Administration preauth variable command injection

Added: 12/06/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A vulnerability in the Administration server allows remote, authenticated attackers to execute arbitrary commands which are...

9CVSS6.9AI score0.02243EPSS
Exploits12
Saint
Saint
•added 2010/11/08 12:0 a.m.•42 views

DATAC RealWin SCADA Server SCPC_INITIALIZE buffer overflow

Added: 11/08/2010 CVE: CVE-2010-4142 BID: 44150 OSVDB: 68812 Background RealWin is a Supervisory Control and Data Acquisition SCADA server which is distributed by DATAC. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...

10CVSS7.8AI score0.63573EPSS
Exploits12
Saint
Saint
•added 2010/10/15 12:0 a.m.•42 views

Oracle Java IE Browser Plugin docbase Parameter Stack Buffer Overflow

Added: 10/15/2010 CVE: CVE-2010-3552 BID: 44023 Background Oracle Java SE and Java for Business are development platforms for developing and deploying Java applications. They include the Java SE Development Kit JDK and the Java Runtime Environment JRE. The JRE provides the minimum requirements fo...

10CVSS9AI score0.8074EPSS
Exploits8
Saint
Saint
•added 2010/07/01 12:0 a.m.•42 views

HP OpenView Network Node Manager snmpviewer.exe CGI Stack Buffer Overflow

Added: 07/01/2010 CVE: CVE-2010-1552 BID: 40068 OSVDB: 64975 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A stack buffer overflow vulnerability in HP Openview NNM allows remote attackers to execute arbitrary commands by sending...

10CVSS7.7AI score0.68892EPSS
Exploits9
Saint
Saint
•added 2010/04/22 12:0 a.m.•42 views

Internet Explorer Tabular Data Control DataURL memory corruption

Added: 04/22/2010 CVE: CVE-2010-0805 BID: 39025 OSVDB: 63329 Background Tabular Data Control is an ActiveX control which can be used to display data from a delimited text file. Problem A memory corruption vulnerability allows command execution when a user loads a web page which invokes Tabular Da...

9.3CVSS6.4AI score0.80603EPSS
Exploits13
Saint
Saint
•added 2010/02/05 12:0 a.m.•42 views

Sun Java System Web Server WebDAV OPTIONS request buffer overflow

Added: 02/05/2010 CVE: CVE-2010-0361 BID: 37874 OSVDB: 61851 Background Sun Java System Web Server is a web application server. WebDAV Web-based Distributed Authoring and Versioning is an extension to the HTTP protocol which allows users to edit web server content. Problem A buffer overflow...

10CVSS7.7AI score0.80521EPSS
Exploits20
Saint
Saint
•added 2010/01/20 12:0 a.m.•42 views

Adobe Illustrator EPS File DSC Comment Buffer Overflow

Added: 01/20/2010 CVE: CVE-2009-4195 BID: 37192 OSVDB: 60632 Background Adobe Illustrator software is a comprehensive vector graphics environment for creative professionals that is used for both drawing and typographical work. Illustrator supports several vector file formats including AI, CDR, PD...

9.3CVSS6.8AI score0.70684EPSS
Exploits8
Saint
Saint
•added 2009/08/26 12:0 a.m.•42 views

Adobe Flash Player authplay.dll vulnerability

Added: 08/26/2009 CVE: CVE-2009-1862 BID: 35759 OSVDB: 56282 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem A vulnerability in authplay.dll in Adobe Flash Player allows command execution when a user opens a specially crafted...

9.3CVSS7.8AI score0.25006EPSS
Exploits5
Saint
Saint
•added 2009/08/26 12:0 a.m.•42 views

Adobe Flash Player authplay.dll vulnerability

Added: 08/26/2009 CVE: CVE-2009-1862 BID: 35759 OSVDB: 56282 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem A vulnerability in authplay.dll in Adobe Flash Player allows command execution when a user opens a specially crafted...

9.3CVSS7.8AI score0.25006EPSS
Exploits5
Saint
Saint
•added 2009/08/24 12:0 a.m.•42 views

Visual Studio Active Template Library object type mismatch vulnerability

Added: 08/24/2009 CVE: CVE-2009-2494 BID: 35982 OSVDB: 56910 Background Microsoft Visual Studio is a product to assist with software development in the Windows operating system. Visual Studio uses Microsoft Active Template Library ATL, which is a set of template-based C++ classes, to help simplif...

10CVSS9.6AI score0.42329EPSS
Exploits6
Saint
Saint
•added 2009/05/25 12:0 a.m.•42 views

Windows GDI Privilege Elevation

Added: 05/25/2009 CVE: CVE-2006-5758 BID: 20940 OSVDB: 30214 Background The Graphics Rendering Engine in Microsoft Windows 2000 and Windows XP maps GDI Kernel structures on a global shared memory section that is created with insecure permissions. Problem Users with local access can remap the shar...

7.2CVSS6.2AI score0.06325EPSS
Exploits6
Saint
Saint
•added 2009/05/07 12:0 a.m.•42 views

Windows SMB credential reflection vulnerability

Added: 05/07/2009 CVE: CVE-2008-4037 BID: 7385 OSVDB: 49736 Background The Server Message Block SMB.aspx protocol is a file sharing protocol implemented in Microsoft Windows. NTLM is a challenge/response-based authentication protocol. Problem An NTLM credential reflection vulnerability allows a...

9.3CVSS6.6AI score0.59136EPSS
Exploits9
Saint
Saint
•added 2009/04/23 12:0 a.m.•42 views

Microsoft WordPad Word97 text converter buffer overflow

Added: 04/23/2009 CVE: CVE-2009-0235 BID: 34470 OSVDB: 53664 Background The Microsoft WordPad Word 97 text converter allows Windows users who do not have Microsoft Word to open Word 97 files. Problem A buffer overflow vulnerability in the Word 97 text converter allows command execution when a use...

9.3CVSS6.7AI score0.33616EPSS
Exploits5
Saint
Saint
•added 2009/03/25 12:0 a.m.•42 views

ffdshow URL link buffer overflow

Added: 03/25/2009 CVE: CVE-2008-5381 BID: 32438 OSVDB: 50064 Background ffdshow tryouts also known just as ffdshow is an audio and video decoder for Windows. Problem A buffer overflow vulnerability allows command execution when a user opens a media stream with a long, specially crafted URL link...

9.3CVSS7AI score0.04756EPSS
Exploits4
Saint
Saint
•added 2009/02/26 12:0 a.m.•42 views

Java Runtime Environment JAR manifest Main Class buffer overflow

Added: 02/26/2009 CVE: CVE-2008-5354 BID: 32608 OSVDB: 50499 Background Java Runtime Environment JRE allows end users to run Java applications. Problem A buffer overflow vulnerability in JRE allows command execution when a user opens a JAR archive containing a manifest file with a specially craft...

9.3CVSS7.9AI score0.04798EPSS
Exploits5
Saint
Saint
•added 2008/12/19 12:0 a.m.•42 views

Visual FoxPro vfp6r.dll ActiveX Control DoCmd command execution

Added: 12/19/2008 CVE: CVE-2008-0236 BID: 27205 OSVDB: 40380 Background Visual FoxPro is a tool for developing database applications. Problem The vfp6r.dll ActiveX control allows command execution when a user opens a web page which uses the DoCmd method. Resolution Set the kill bit for class ID...

5.8CVSS6.6AI score0.17384EPSS
Exploits5
Saint
Saint
•added 2008/10/31 12:0 a.m.•42 views

Oracle WebLogic Server Apache Connector Transfer-Encoding buffer overflow

Added: 10/31/2008 CVE: CVE-2008-4008 BID: 31683 OSVDB: 49283 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...

10CVSS7.5AI score0.56268EPSS
Exploits9
Saint
Saint
•added 2008/10/03 12:0 a.m.•42 views

DATAC RealWin SCADA Server FC_INFOTAG/SET_CONTROL buffer overflow

Added: 10/03/2008 CVE: CVE-2008-4322 BID: 31418 OSVDB: 48606 Background RealWin is a Supervisory Control and Data Acquisition SCADA server which is distributed by DATAC. Problem A buffer overflow vulnerability in RealWin Server allows remote attackers to execute arbitrary commands by sending a...

10CVSS7.7AI score0.64828EPSS
Exploits8
Saint
Saint
•added 2008/05/12 12:0 a.m.•42 views

Citadel SMTP server RCPT TO buffer overflow

Added: 05/12/2008 CVE: CVE-2008-0394 BID: 27376 OSVDB: 40516 Background Citadel is an open-source e-mail and collaboration server. Problem A buffer overflow vulnerability in the makeuserkey function allows remote attackers to execute arbitrary commands by sending a long, specially crafted RCPT TO...

7.5CVSS7.9AI score0.11948EPSS
Exploits4
Saint
Saint
•added 2008/01/17 12:0 a.m.•42 views

Microsoft Excel rtAFDesc record invalid pointer access

Added: 01/17/2008 CVE: CVE-2008-0081 BID: 27305 OSVDB: 40344 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms. Problem Microsoft Excel references an uninitialized pointer if a spreadsheet contains an improperly placed...

9.8CVSS9.5AI score0.57908EPSS
Exploits6
Saint
Saint
•added 2008/01/03 12:0 a.m.•42 views

Lotus Notes WPD attachment viewer buffer overflow

Added: 01/03/2008 CVE: CVE-2007-5910 BID: 26175 OSVDB: 40783 Background Lotus Notes is the client for Lotus Domino servers. Problem A buffer overflow in the KeyView Viewer included in Lotus Notes allows command execution when a user views a specially crafted WordPerfect WPD attachment. Resolution...

9.3CVSS6.9AI score0.06619EPSS
Exploits4
Saint
Saint
•added 2007/11/19 12:0 a.m.•42 views

Adobe PageMaker MAIPM6.DLL font name buffer overflow

Added: 11/19/2007 CVE: CVE-2007-5169 BID: 25989 OSVDB: 38067 Background Adobe PageMaker is page layout software. Problem A buffer overflow vulnerability in MAIPM6.DLL allows command execution when a user opens a .PMD file containing specially crafted font names. Resolution Apply the update...

9.3CVSS6.7AI score0.10175EPSS
Exploits4
Saint
Saint
•added 2007/08/17 12:0 a.m.•42 views

Internet Explorer tblinf32.dll ActiveX IObjectsafety vulnerability

Added: 08/17/2007 CVE: CVE-2007-2216 BID: 25289 OSVDB: 36396 Background The IObjectsafety interface provides methods to get and set safety options for objects which support untrusted clients. Problem The tblinf32.dll ActiveX control implements IObjectsafety incorrectly, allowing execution of code...

9.3CVSS6.8AI score0.41388EPSS
Exploits5
Saint
Saint
•added 2007/08/10 12:0 a.m.•42 views

Novell Client 4.91 SP4 nwspool.dll buffer overflow

Added: 08/10/2007 CVE: CVE-2007-6701 BID: 25092 OSVDB: 37319 Background Novell Client software provides NetWare connectivity to Windows platforms. Problem The nwspool.dll library in Novell Client is affected by buffer overflow vulnerabilities in several different functions, allowing remote...

10CVSS8AI score0.0717EPSS
Exploits6
Saint
Saint
•added 2007/07/16 12:0 a.m.•42 views

Windows MDAC RDS.Dataspace ActiveX control vulnerability

Added: 07/16/2007 CVE: CVE-2006-0003 BID: 17462 OSVDB: 24517 Background Microsoft Data Access Components MDAC enable Universal Data Access in Windows applications deployed over a network. Problem A cross-zone scripting vulnerability in the RDS.Dataspace ActiveX control in MDAC allows command...

5.1CVSS9.2AI score0.825EPSS
Exploits6
Saint
Saint
•added 2007/06/22 12:0 a.m.•42 views

Solaris loadable kernel module directory traversal

Added: 06/22/2007 CVE: CVE-2004-1767 BID: 9477 OSVDB: 15128 Background Loadable kernel modules are programs which can be dynamically loaded into the kernel. Problem A directory traversal vulnerability in the vfsgetvfssw function in the Solaris kernel allows unprivileged users to load their own...

7.2CVSS6.3AI score0.00433EPSS
Exploits4
Saint
Saint
•added 2007/04/05 12:0 a.m.•42 views

Windows Animated Cursor Header buffer overflow

Added: 04/05/2007 CVE: CVE-2007-0038 BID: 23194 OSVDB: 33629 Background Animated cursor .ani files contain animated graphics for icons and cursors. Problem A buffer overflow in Windows allows command execution when opening a specially crafted .ani file containing large file headers. Resolution...

9.3CVSS6.8AI score0.7288EPSS
Exploits12
Saint
Saint
•added 2007/03/12 12:0 a.m.•42 views

snmpXdmid buffer overflow

Added: 03/12/2007 CVE: CVE-2001-0236 BID: 2417 OSVDB: 546 Background The SNMP to DMI mapper daemon snmpXdmid translates Simple Network Management Protocol SNMP events to Desktop Management Interface DMI indications and vice-versa. Problem snmpXdmid is affected by a buffer overflow vulnerability...

10CVSS7.5AI score0.72036EPSS
Exploits6
Saint
Saint
•added 2007/02/16 12:0 a.m.•42 views

Solaris telnetd authentication bypass

Added: 02/16/2007 CVE: CVE-2007-0882 BID: 22512 OSVDB: 31881 Background The Telnet service allows remote users to authenticate to a system and use an interactive command shell. The Telnet service is implemented by the Telnet daemon, telnetd. Problem The telnetd program in Solaris 10 and 11...

10CVSS7.5AI score0.97848EPSS
Exploits13
Saint
Saint
•added 2006/11/17 12:0 a.m.•42 views

Microsoft XMLHTTP ActiveX control setRequestHeader vulnerability

Added: 11/17/2006 CVE: CVE-2006-5745 BID: 20915 OSVDB: 30208 Background Microsoft XML Core Services includes the XMLHTTP ActiveX control, which allows web pages to send and receive XML data. Problem A memory corruption vulnerability in the XMLHTTP ActiveX control allows command execution when a...

7.6CVSS6.7AI score0.75946EPSS
Exploits7
Total number of security vulnerabilities4305