Lucene search
+L
SaintMost viewed

4305 matches found

saint
saint
•added 2008/10/31 12:0 a.m.•42 views

Oracle WebLogic Server Apache Connector Transfer-Encoding buffer overflow

Added: 10/31/2008 CVE: CVE-2008-4008 BID: 31683 OSVDB: 49283 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...

10CVSS7.5AI score0.56268EPSS
Exploits9
saint
saint
•added 2008/10/24 12:0 a.m.•42 views

Microsoft Excel formula parsing integer overflow

Added: 10/24/2008 CVE: CVE-2008-4019 BID: 31706 OSVDB: 49078 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem An integer overflow in the REPT function allows command execution when a user loads an Exc...

9.3CVSS6.6AI score0.34415EPSS
Exploits5
saint
saint
•added 2008/10/03 12:0 a.m.•42 views

DATAC RealWin SCADA Server FC_INFOTAG/SET_CONTROL buffer overflow

Added: 10/03/2008 CVE: CVE-2008-4322 BID: 31418 OSVDB: 48606 Background RealWin is a Supervisory Control and Data Acquisition SCADA server which is distributed by DATAC. Problem A buffer overflow vulnerability in RealWin Server allows remote attackers to execute arbitrary commands by sending a...

10CVSS7.7AI score0.64828EPSS
Exploits8
saint
saint
•added 2008/05/12 12:0 a.m.•42 views

Citadel SMTP server RCPT TO buffer overflow

Added: 05/12/2008 CVE: CVE-2008-0394 BID: 27376 OSVDB: 40516 Background Citadel is an open-source e-mail and collaboration server. Problem A buffer overflow vulnerability in the makeuserkey function allows remote attackers to execute arbitrary commands by sending a long, specially crafted RCPT TO...

7.5CVSS7.9AI score0.11948EPSS
Exploits4
saint
saint
•added 2008/01/17 12:0 a.m.•42 views

Microsoft Excel rtAFDesc record invalid pointer access

Added: 01/17/2008 CVE: CVE-2008-0081 BID: 27305 OSVDB: 40344 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms. Problem Microsoft Excel references an uninitialized pointer if a spreadsheet contains an improperly placed...

9.8CVSS9.5AI score0.57908EPSS
Exploits6
saint
saint
•added 2008/01/03 12:0 a.m.•42 views

Lotus Notes WPD attachment viewer buffer overflow

Added: 01/03/2008 CVE: CVE-2007-5910 BID: 26175 OSVDB: 40783 Background Lotus Notes is the client for Lotus Domino servers. Problem A buffer overflow in the KeyView Viewer included in Lotus Notes allows command execution when a user views a specially crafted WordPerfect WPD attachment. Resolution...

9.3CVSS6.9AI score0.06619EPSS
Exploits4
saint
saint
•added 2007/11/30 12:0 a.m.•42 views

QuickTime RTSP Content-Type header buffer overflow

Added: 11/30/2007 CVE: CVE-2007-6166 BID: 26549 OSVDB: 40876 Background QuickTime is a media player for Windows and Mac OS platforms. Problem A buffer overflow vulnerability in QuickTime allows command execution when a user opens an RTSP stream containing a specially crafted Content-Type header...

9.3CVSS6.8AI score0.41916EPSS
Exploits10
saint
saint
•added 2007/11/23 12:0 a.m.•42 views

Oracle XDB component PITRIG_DROPMETADATA buffer overflow

Added: 11/23/2007 CVE: CVE-2007-4517 BID: 26374 OSVDB: 39918 Background The PITRIGDROPMETADATA function is included in the XDB.XDBPITRIGPKG package which is included with Oracle Database. Problem A buffer overflow vulnerability in the PITRIGDROPMETADATA function allows remote, authenticated...

6CVSS7.5AI score0.05385EPSS
Exploits8
saint
saint
•added 2007/11/19 12:0 a.m.•42 views

Adobe PageMaker MAIPM6.DLL font name buffer overflow

Added: 11/19/2007 CVE: CVE-2007-5169 BID: 25989 OSVDB: 38067 Background Adobe PageMaker is page layout software. Problem A buffer overflow vulnerability in MAIPM6.DLL allows command execution when a user opens a .PMD file containing specially crafted font names. Resolution Apply the update...

9.3CVSS6.7AI score0.10175EPSS
Exploits4
saint
saint
•added 2007/08/17 12:0 a.m.•42 views

Internet Explorer tblinf32.dll ActiveX IObjectsafety vulnerability

Added: 08/17/2007 CVE: CVE-2007-2216 BID: 25289 OSVDB: 36396 Background The IObjectsafety interface provides methods to get and set safety options for objects which support untrusted clients. Problem The tblinf32.dll ActiveX control implements IObjectsafety incorrectly, allowing execution of code...

9.3CVSS6.8AI score0.41388EPSS
Exploits5
saint
saint
•added 2007/08/10 12:0 a.m.•42 views

Novell Client 4.91 SP4 nwspool.dll buffer overflow

Added: 08/10/2007 CVE: CVE-2007-6701 BID: 25092 OSVDB: 37319 Background Novell Client software provides NetWare connectivity to Windows platforms. Problem The nwspool.dll library in Novell Client is affected by buffer overflow vulnerabilities in several different functions, allowing remote...

10CVSS8AI score0.0717EPSS
Exploits6
saint
saint
•added 2007/07/20 12:0 a.m.•42 views

Trend Micro OfficeScan session cookie buffer overflow

Added: 07/20/2007 CVE: CVE-2007-3454 BID: 24641 OSVDB: 36629 Background Trend Micro OfficeScan is a centralized virus and security scan management system. Problem A buffer overflow vulnerability in the CGIOCommon.dll shared library allows remote attackers to execute arbitrary commands by sending ...

10CVSS7.8AI score0.05531EPSS
Exploits4
saint
saint
•added 2007/07/16 12:0 a.m.•42 views

Windows MDAC RDS.Dataspace ActiveX control vulnerability

Added: 07/16/2007 CVE: CVE-2006-0003 BID: 17462 OSVDB: 24517 Background Microsoft Data Access Components MDAC enable Universal Data Access in Windows applications deployed over a network. Problem A cross-zone scripting vulnerability in the RDS.Dataspace ActiveX control in MDAC allows command...

5.1CVSS9.2AI score0.825EPSS
Exploits6
saint
saint
•added 2007/04/12 12:0 a.m.•42 views

Yahoo Messenger AudioConf ActiveX control buffer overflow

Added: 04/12/2007 CVE: CVE-2007-1680 BID: 23291 OSVDB: 34319 Background Yahoo! Messenger is an instant messaging application. It includes the AudioConf ActiveX control which is provided by yacscom.dll. Problem A buffer overflow vulnerability in the AudioConf ActiveX control allows command executi...

9.3CVSS6.9AI score0.08375EPSS
Exploits4
saint
saint
•added 2007/04/05 12:0 a.m.•42 views

Windows Animated Cursor Header buffer overflow

Added: 04/05/2007 CVE: CVE-2007-0038 BID: 23194 OSVDB: 33629 Background Animated cursor .ani files contain animated graphics for icons and cursors. Problem A buffer overflow in Windows allows command execution when opening a specially crafted .ani file containing large file headers. Resolution...

9.3CVSS6.8AI score0.7288EPSS
Exploits12
saint
saint
•added 2007/03/12 12:0 a.m.•42 views

snmpXdmid buffer overflow

Added: 03/12/2007 CVE: CVE-2001-0236 BID: 2417 OSVDB: 546 Background The SNMP to DMI mapper daemon snmpXdmid translates Simple Network Management Protocol SNMP events to Desktop Management Interface DMI indications and vice-versa. Problem snmpXdmid is affected by a buffer overflow vulnerability...

10CVSS7.5AI score0.72036EPSS
Exploits6
saint
saint
•added 2006/12/28 12:0 a.m.•42 views

MailEnable POP PASS command buffer overflow

Added: 12/28/2006 CVE: CVE-2006-6605 BID: 21645 OSVDB: 32341 Background MailEnable is a mail server supporting SMTP and POP3 for Windows platforms. Problem A buffer overflow vulnerability in MailEnable allows remote, unauthenticated attackers to execute arbitrary commands by sending a long,...

10CVSS7.9AI score0.05844EPSS
Exploits4
saint
saint
•added 2006/11/17 12:0 a.m.•42 views

Microsoft XMLHTTP ActiveX control setRequestHeader vulnerability

Added: 11/17/2006 CVE: CVE-2006-5745 BID: 20915 OSVDB: 30208 Background Microsoft XML Core Services includes the XMLHTTP ActiveX control, which allows web pages to send and receive XML data. Problem A memory corruption vulnerability in the XMLHTTP ActiveX control allows command execution when a...

7.6CVSS6.7AI score0.75946EPSS
Exploits7
saint
saint
•added 2006/11/07 12:0 a.m.•42 views

Oracle Security Component sys.pbsde buffer overflow

Added: 11/07/2006 CVE: CVE-2005-3438 BID: 15134 OSVDB: 20612 Background pbsde is a package of stored procedures which is part of the base installation of Oracle Database. Problem A buffer overflow in the sys.pbsde.init procedure allows database users to execute arbitrary commands. Resolution Appl...

10CVSS7.3AI score0.05866EPSS
Exploits5
saint
saint
•added 2006/10/26 12:0 a.m.•42 views

Oracle Spatial component SDO_CS.TRANSFORM_LAYER buffer overflow

Added: 10/26/2006 CVE: CVE-2006-5344 BID: 20588 OSVDB: 31462 Background The Oracle Spatial formerly SDO component of Oracle Database provides a set of functions which process multi-dimensional data. Problem A buffer overflow in the Oracle Spatial component allows an attacker with EXECUTE privileg...

9CVSS7.2AI score0.03598EPSS
Exploits4
saint
saint
•added 2006/08/25 12:0 a.m.•42 views

McAfee Subscription Manager ActiveX buffer overflow

Added: 08/25/2006 CVE: CVE-2006-3961 BID: 19265 OSVDB: 27698 Background McAfee Antivirus products access the McAfee Security Center product which allows users to set preferences and settings for numerous installed McAfee components and services. The Security Center includes a Subscription Manager...

6.8CVSS6.9AI score0.33824EPSS
Exploits7
saint
saint
•added 2006/06/13 12:0 a.m.•42 views

Symantec real-time scan service buffer overflow

Added: 06/13/2006 CVE: CVE-2006-2630 BID: 18107 OSVDB: 25846 Background Various Symantec products include a real-time virus scan service. Problem A buffer overflow in the real-time virus scan service allows remote attackers to execute arbitrary commands. Resolution Apply patch SYM06-010. Referenc...

10CVSS7.6AI score0.73558EPSS
Exploits7
saint
saint
•added 2006/05/24 12:0 a.m.•42 views

QuickTime MOV file udta Atom buffer overflow

Added: 05/24/2006 CVE: CVE-2006-1460 BID: 17953 OSVDB: 25509 Background QuickTime is a media player for Windows and Mac OS platforms. Problem A buffer overflow in QuickTime allows command execution by a specially crafted Movie MOV file containing a long udta Atom. Resolution Upgrade to QuickTime...

5.1CVSS7AI score0.05586EPSS
Exploits4
saint
saint
•added 2006/04/05 12:0 a.m.•42 views

VERITAS NetBackup VMD argument parsing vulnerability

Added: 04/05/2006 CVE: CVE-2006-0989 BID: 17264 OSVDB: 24172 Background VERITAS NetBackup is a backup and recovery solution for multiple platforms. Problem Volume Manager Daemon VMD is affected by a buffer overflow vulnerability when parsing arguments to various commands. This vulnerability allow...

9CVSS7.2AI score0.07927EPSS
Exploits4
saint
saint
•added 2006/04/05 12:0 a.m.•42 views

cachefsd heap overflow

Added: 04/05/2006 CVE: CVE-2002-0033 BID: 4674 OSVDB: 779 Background cachefsd is an RPC service which supports local caching of Network File Systems NFS, thereby improving performance on filesystems mounted from an NFS server. Problem A heap overflow in cachefsd allows remote command execution...

10CVSS7AI score0.23078EPSS
Exploits4
saint
saint
•added 2006/01/30 12:0 a.m.•42 views

FrontPage fp30reg.dll remote debug buffer overflow

Added: 01/30/2006 CVE: CVE-2003-0822 BID: 9007 OSVDB: 2952 Background Microsoft FrontPage Server Extensions includes a remote debugging function. Problem A buffer overflow in fp30reg.dll leads to a vulnerability in the remote debug function in FrontPage Server Extensions. A remote attacker could...

7.5CVSS7.5AI score0.83075EPSS
Exploits10
saint
saint
•added 2006/01/24 12:0 a.m.•42 views

Trend Micro ServerProtect Management Console isaNVWRequest.dll chunked POST buffer overflow

Added: 01/24/2006 CVE: CVE-2005-1929 BID: 15865 OSVDB: 21771 Background ServerProtect is a virus scanner for servers. Problem A buffer overflow in ServerProtect Management Console could allow a remote attacker to execute commands using a chunked POST request to isaNVWRequest.dll. Resolution Use t...

7.5CVSS7.3AI score0.04944EPSS
Exploits4
saint
saint
•added 2005/12/19 12:0 a.m.•42 views

Windows password weakness

Added: 12/19/2005 CVE: CVE-1999-0503 Background Passwords are the most commonly used method of authenticating users to a server. The combination of a login name and password is used to verify the identity of a user requesting access, and to determine what parts of the server the user has permissi...

7.2CVSS6.5AI score0.01835EPSS
Exploits4
saint
saint
•added 2005/12/08 12:0 a.m.•42 views

FreeFTPd user name buffer overflow

Added: 12/08/2005 CVE: CVE-2005-3683 BID: 15457 OSVDB: 20909 Background FreeFTPd is a free FTP/FTPS/SFTP server for Windows platforms. Problem An unauthenticated remote attacker could execute arbitrary commands by sending a long, specially crafted argument to the USER command. Resolution Upgrade ...

7.5CVSS7.5AI score0.71506EPSS
Exploits8
saint
saint
•added 2017/02/16 12:0 a.m.•41 views

HP Smart Storage Administrator command injection

Added: 02/16/2017 CVE: CVE-2016-8523 BID: 95868 Background HP Smart Storage Administrator HP SSA is a web-based application that helps an administrator configure, manage, diagnose, and monitor HP ProLiant Smart Array Controllers and other storage devices such as host bus adapters HBAs and HP...

9CVSS9.2AI score0.1704EPSS
Exploits8
saint
saint
•added 2016/05/06 12:0 a.m.•41 views

Apache Struts Dynamic Method Invocation command execution

Added: 05/06/2016 CVE: CVE-2016-3081 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. The Dynamic Method Invocation...

9.3CVSS8.3AI score0.9373EPSS
Exploits12
saint
saint
•added 2015/08/26 12:0 a.m.•41 views

Symantec Endpoint Protection Manager authentication bypass

Added: 08/26/2015 CVE: CVE-2015-1486 BID: 76074 Background Symantec Endpoint Protection, by Symantec Corporation, is an antivirus and personal firewall product designed to be centrally managed in corporate environments by the Symantec Endpoint Protection Manager SEPM. Problem Symantec Endpoint...

7.5CVSS7.1AI score0.64487EPSS
Exploits9
saint
saint
•added 2014/06/24 12:0 a.m.•41 views

Adobe Pixel Shader

Added: 06/24/2014 CVE: CVE-2014-0515 BID: 67092 OSVDB: 106347 Background The Adobe Flash plugin provides flash content rendering for web browsers. Problem A buffer overflow exists due to an error in processing SWF files. The vulnerable function exists in the the DisplayShader class and can be...

10CVSS9AI score0.94569EPSS
Exploits9
saint
saint
•added 2013/12/09 12:0 a.m.•41 views

ABB MicroSCADA wserver.exe command execution

Added: 12/09/2013 BID: 63901 OSVDB: 100324 Background MicroSCADA Pro is a substation automation product from ABB. Problem A vulnerability in the wserver.exe process allows remote attackers to execute arbitrary commands by sending an EXECUTE request to port 12221/TCP. Resolution Disable wserver.ex...

8.3AI score
Exploits0
saint
saint
•added 2013/10/03 12:0 a.m.•41 views

Internet Explorer CCaret UpdateScreenCaret Memory Corruption

Added: 10/03/2013 CVE: CVE-2013-3205 BID: 62208 OSVDB: 97094 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Microsoft Internet Explorer contains a use-after-free error that is triggered when handling a CCaret object. The...

9.3CVSS6.7AI score0.66277EPSS
Exploits8
saint
saint
•added 2013/09/04 12:0 a.m.•41 views

Java Runtime Environment java.awt.image.IntegerComponentRaster buffer overflow

Added: 09/04/2013 CVE: CVE-2013-2471 BID: 60659 OSVDB: 94357 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...

10CVSS8.8AI score0.14749EPSS
Exploits4
saint
saint
•added 2013/09/04 12:0 a.m.•41 views

Oracle Endeca Server createDataStore method command execution

Added: 09/04/2013 CVE: CVE-2013-3763 BID: 61217 OSVDB: 95269 Background Oracle Endeca Server is a hybrid search-analytical database. Problem A vulnerability in the controlSoapBinding service allows remote attackers to execute arbitrary commands by sending a request for the createDataStore method...

5.5CVSS7.2AI score0.5984EPSS
Exploits8
saint
saint
•added 2013/08/29 12:0 a.m.•41 views

HP LoadRunner lrFileIOService ActiveX Control WriteFileBinary Input Validation Error

Added: 08/29/2013 CVE: CVE-2013-2370 BID: 61441 OSVDB: 95640 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the lrFileIOService ActiveX control. Problem HP LoadRunner before 11.52 is vulnerable to remote code execution. The lrFileIOService ActiveX...

7.5CVSS7.4AI score0.62764EPSS
Exploits9
saint
saint
•added 2013/07/26 12:0 a.m.•41 views

HP System Management Homepage ginkgosnmp.inc Command Injection

Added: 07/26/2013 CVE: CVE-2013-3576 BID: 60471 OSVDB: 94191 Background HP System Management Homepage SMH is a web-based interface that consolidates the management of ProLiant and Integrity servers. Problem A vulnerability in HP SMH ginkgosnmp.inc script allows command execution by a remote...

9CVSS6.2AI score0.66592EPSS
Exploits12
saint
saint
•added 2013/06/18 12:0 a.m.•41 views

Microsoft Office PNG File Handling Buffer Overflow

Added: 06/18/2013 CVE: CVE-2013-1331 BID: 60408 OSVDB: 94127 Background Microsoft Office is a package which provides word processing, spreadsheet, presentation, e-mail, and calendaring capabilities for Microsoft Windows workstations. Problem An error in Microsoft Office 2003 SP3 for Windows when...

9.3CVSS7.8AI score0.81877EPSS
Exploits4
saint
saint
•added 2013/05/06 12:0 a.m.•41 views

3S Smart Software Solutions CoDeSys Gateway Server Directory Traversal

Added: 05/06/2013 CVE: CVE-2012-4705 BID: 59446 OSVDB: 90368 Background Smart Software Solutions GmbH 3S manufactures CoDeSys Gateway Server, a Supervisory Control and Data Acquisition/Human-Machine Interface SCADA/HMI product. The Gateway Server listens on TCP port 1211. Problem 3S CoDeSys Gatew...

10CVSS7.3AI score0.65668EPSS
Exploits9
saint
saint
•added 2012/12/21 12:0 a.m.•41 views

MySQL FILE privilege elevation

Added: 12/21/2012 CVE: CVE-2012-5613 BID: 56771 OSVDB: 88118 Background MySQL is an open-source database software package available for multiple platforms. Problem A database user who has FILE permission can write arbitrary files to the file system, leading to privilege elevation. Resolution Revo...

6CVSS5.7AI score0.31664EPSS
Exploits15
saint
saint
•added 2012/11/23 12:0 a.m.•41 views

Java JAX-WS gmbal package sandbox breach

Added: 11/23/2012 CVE: CVE-2012-5076 BID: 56054 OSVDB: 86350 Background Java API for XML Web Services JAX-WS is a technology for developing web services in Java. It is included in the Java EE 5 platform. Problem A vulnerability in JAX-WS when handling the gmbal package allows code execution outsi...

10CVSS9.5AI score0.91013EPSS
Exploits18
saint
saint
•added 2012/11/09 12:0 a.m.•41 views

CA ARCserve Backup Authentication service invalid virtual function call

Added: 11/09/2012 CVE: CVE-2012-2971 BID: 56116 OSVDB: 86416 Background CA ARCserve Backup formerly BrightStor ARCserve Backup is a backup and recovery solution. Problem An invalid virtual function call in the authentication service allows remote attackers to execute arbitrary commands. Resolutio...

7.5CVSS7.3AI score0.04053EPSS
Exploits4
saint
saint
•added 2012/11/02 12:0 a.m.•41 views

Indusoft Thin Client ISSymbol ActiveX Control InternationalOrder buffer overflow

Added: 11/02/2012 CVE: CVE-2011-0340 BID: 47596 OSVDB: 72865 Background Indusoft Thin Client allows access to Indusoft Web Studio projects without requiring Web Studio to be installed. It includes the ISSymbol ActiveX control, which is also included in Indusoft Web Studio and Advantech Studio...

9.3CVSS6.7AI score0.32349EPSS
Exploits12
saint
saint
•added 2012/10/09 12:0 a.m.•41 views

HP Application Lifecycle Management ActiveX Control Arbitrary File Overwrite

Added: 10/09/2012 BID: 55272 OSVDB: 85059 Background HP Application Lifecycle Management ALM is a software product designed to manage the application lifecycle from requirements through readiness for delivery from a single repository, providing a consistent user experience and customizable...

0.1AI score
Exploits0
saint
saint
•added 2012/09/13 12:0 a.m.•41 views

HP Application Lifecycle Management XGO.ocx ActiveX SetShapeNodeType Method Vulnerability

Added: 09/13/2012 BID: 55272 OSVDB: 85152 Background HP Application Lifecycle Management ALM is a software product designed to manage the application lifecycle from requirements through readiness for delivery from a single repository, providing a consistent user experience and customizable...

7.6AI score
Exploits0
saint
saint
•added 2012/08/02 12:0 a.m.•41 views

Apache Struts 2 ConversionErrorInterceptor Java Injection

Added: 08/02/2012 CVE: CVE-2012-0391 OSVDB: 78277 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem Struts uses...

9.8CVSS8.8AI score0.75071EPSS
Exploits11
saint
saint
•added 2012/06/27 12:0 a.m.•41 views

Microsoft XML Core Services memory corruption

Added: 06/27/2012 CVE: CVE-2012-1889 BID: 53934 OSVDB: 82873 Background Microsoft XML Core Services allows developers to create XML-based applications. Problem A memory corruption vulnerability allows command execution when a user opens a specially crafted web page, which causes MSXML to access a...

9.3CVSS9AI score0.83638EPSS
Exploits12
saint
saint
•added 2012/06/04 12:0 a.m.•41 views

SAP NetWeaver Dispatcher DiagTraceR3Info Packet Parsing Vulnerability

Added: 06/04/2012 CVE: CVE-2012-2611 OSVDB: 81759 Background SAP Netweaver is a technology platform for building and integrating SAP business applications. Problem SAP Netweaver is vulnerable to a stack buffer overflow when configured with the developer trace level set to 2 or higher. The...

9.3CVSS9.6AI score0.41919EPSS
Exploits13
Total number of security vulnerabilities4305