
4301 matches found

Saint
Saint
•added 2005/12/01 12:0 a.m.•35 views

Internet Explorer onload window vulnerability

Added: 12/01/2005 CVE: CVE-2005-1790 BID: 13799 OSVDB: 17094 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Internet Explorer fails to properly initialize the window function when called from an onLoad event in a body tag. This...

CVSS 2.6 | AI score 6.2 | EPSS 0.83472
Exploits: 9
Saint
Saint
•added 2005/11/29 12:0 a.m.•35 views

Computer Associates Message Queuing

Added: 11/29/2005 CVE: CVE-2005-2668 BID: 14622 OSVDB: 18916 Background The Computer Associates Message Queuing service is used internally by multiple Computer Associates products. Problem The Computer Associates Message Queuing service is affected by multiple buffer overflows which could result ...

CVSS 10 | AI score 6.9 | EPSS 0.75244
Exploits: 7
Saint
Saint
•added 2005/11/29 12:0 a.m.•35 views

IMail IMAP STATUS buffer overflow

Added: 11/29/2005 CVE: CVE-2005-1256 BID: 13727 OSVDB: 16806 Background IMail is a mail server for Windows platforms. It includes SMTP, POP, IMAP, and LDAP services, and a web interface and web calendaring service. Problem A buffer overflow when processing long mailbox names specified in the STAT...

CVSS 10 | AI score 7.7 | EPSS 0.58898
Exploits: 4
Saint
Saint
•added 2020/10/28 12:0 a.m.•34 views

inoERP form personalization module command execution

Added: 10/28/2020 Background inoERP is an open source web based enterprise management system. Problem A vulnerability in the formpersonalization module allows remote, unauthenticated attackers to execute arbitrary PHP code injected in the templatecode parameter. Resolution No fix is available at...

AI score 8.2
Exploits: 0
Saint
Saint
•added 2017/09/25 12:0 a.m.•34 views

Trend Micro Control Manager importFile directory traversal

Added: 09/25/2017 BID: 96131 Background Trend Micro Control Manager streamlines administration of Trend Micro security solutions. Problem A directory traversal vulnerability in the importFile.php script allows remote attackers to upload files containing arbitrary PHP script under the document roo...

AI score 7.3
Exploits: 0
Saint
Saint
•added 2016/12/01 12:0 a.m.•34 views

Disk Savvy Enterprise GET buffer overflow

Added: 12/01/2016 Background Disk Savvy Enterprise is a disk space usage analyzer. Problem A buffer overflow in Disk Savvy Enterprise when handling GET requests could allow remote code execution. Resolution Upgrade to a version higher than 9.1.14 when available. References Limitations Exploit wor...

AI score 0.6
Exploits: 0
Saint
Saint
•added 2015/11/02 12:0 a.m.•34 views

Safari Script Editor AppleScript execution

Added: 11/02/2015 CVE: CVE-2015-7007 BID: 77266 Background Safari is a web browser for Mac OS X and Windows. Problem A vulnerability in the OS X Script Editor allows a malicious web page to execute arbitrary AppleScript code without user confirmation by enticing a user to type Control-R in Safari...

CVSS 7.5 | AI score 9.7 | EPSS 0.53338
Exploits: 8
Saint
Saint
•added 2015/10/15 12:0 a.m.•34 views

Mac OS X rsh Environment Variables Privilege Elevation

Added: 10/15/2015 CVE: CVE-2015-5889 Background The remotecmds component of Apple Mac OS X contains an rsh binary program that allows a user to execute commands on another computer across a computer network. Problem The rsh binary in the remotecmds component of Mac OS X versions prior to 10.11...

CVSS 7.2 | AI score 6.6 | EPSS 0.05088
Exploits: 14
Saint
Saint
•added 2015/10/01 12:0 a.m.•34 views

Konica Minolta FTP Utility buffer overflow

Added: 10/01/2015 Background The Konica Minolta FTP Utility is an FTP server for Windows 98 through XP. Problem A vulnerability in the FTP Utility allows remote, unauthenticated attackers to execute arbitrary commands by sending a long, specially crafted argument to any command. Resolution Remove...

AI score 1.3
Exploits: 0
Saint
Saint
•added 2015/01/29 12:0 a.m.•34 views

WP Symposium Plugin for WordPress Arbitrary File Upload

Added: 01/29/2015 BID: 71686 OSVDB: 116046 Background WP Symposium is a social network plugin for WordPress. Problem WP Symposium Plugin for WordPress contains a vulnerability that allows a remote attacker to execute arbitrary PHP code. This vulnerability is due to the...

AI score 0.4
Exploits: 0
Saint
Saint
•added 2014/12/31 12:0 a.m.•34 views

Liferay Portal Apache Felix command injection

Added: 12/31/2014 OSVDB: 116510 Background Liferay Portal is an enterprise web platform for building business solutions. Apache Felix is an implementation of the OSGi Framework and Service platform. Problem Liferay Portal is affected by a vulnerability which could allow remote attackers to execut...

AI score 1.2
Exploits: 0
Saint
Saint
•added 2014/06/24 12:0 a.m.•34 views

TRENDnet Shell

Added: 06/24/2014 Background TRENDnet routers are vulnerable to a range of SQL injection, command injection, and buffer overflow vulnerabilities. Current supported devices include: TEW-654TR - Remote Root Shell TEW-732BR - Remote Root Shell Problem A SQL injection vulnerability allows the attacke...

AI score 2.7
Exploits: 0
Saint
Saint
•added 2013/12/18 12:0 a.m.•34 views

HP LoadRunner Virtual User Generator EmulationAdmin service directory traversal

Added: 12/18/2013 CVE: CVE-2013-4837 BID: 63475 OSVDB: 99231 Background HP LoadRunner is a software performance testing solution. Problem A directory traversal vulnerability in the Virtual User Generator EmulationAdmin service allows remote attackers to upload files to arbitrary locations using t...

CVSS 10 | AI score 6.7 | EPSS 0.62617
Exploits: 8
Saint
Saint
•added 2013/10/17 12:0 a.m.•34 views

HP LoadRunner lrFileIOService ActiveX WriteFileString Method Traversal Vulnerability

Added: 10/17/2013 CVE: CVE-2013-4798 BID: 61443 OSVDB: 95642 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the lrFileIOService ActiveX control. Problem HP LoadRunner before 11.52 is vulnerable to remote code execution. The lrFileIOService ActiveX...

CVSS 10 | AI score 7.2 | EPSS 0.67723
Exploits: 9
Saint
Saint
•added 2013/10/03 12:0 a.m.•34 views

Internet Explorer CCaret UpdateScreenCaret Memory Corruption

Added: 10/03/2013 CVE: CVE-2013-3205 BID: 62208 OSVDB: 97094 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Microsoft Internet Explorer contains a use-after-free error that is triggered when handling a CCaret object. The...

CVSS 9.3 | AI score 6.7 | EPSS 0.66277
Exploits: 8
Saint
Saint
•added 2013/09/30 12:0 a.m.•34 views

WPAD Listener

Added: 09/30/2013 Background The LLMNR (Local Link Multicast Name Resolution) protocol is used to answer wpad requests sent by Microsoft Windows. A rogue WPAD server delivers a wpad.dat file to poisoned hosts, forcing them to proxy web requests through the SAINT server. In addition, browsers are...

AI score 0.7
Exploits: 0
Saint
Saint
•added 2013/09/05 12:0 a.m.•34 views

Internet Explorer CFlatMarkupPointer Object Handling Use-after-free Vulnerability

Added: 09/05/2013 CVE: CVE-2013-3184 BID: 61668 OSVDB: 96182 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem A use-after-free vulnerability when handling the InsertImage command identifier of CFlatMarkupPointer objects in a web...

CVSS 9.3 | AI score 6.5 | EPSS 0.58427
Exploits: 8
Saint
Saint
•added 2013/08/01 12:0 a.m.•34 views

QuickTime Movie File dref Atom Handling Buffer Overflow

Added: 08/01/2013 CVE: CVE-2013-1017 BID: 60097 OSVDB: 93625 Background QuickTime is a media player for Windows and Mac OS platforms. Problem Apple QuickTime before 7.7.4 is vulnerable to remote code execution due to a failure to perform appropriate validation of user supplied input. A remote...

CVSS 9.3 | AI score 7.5 | EPSS 0.32553
Exploits: 11
Saint
Saint
•added 2013/07/18 12:0 a.m.•34 views

Novell ZENworks Mobile Management DUSAP.php Language Parameter Vulnerability

Added: 07/18/2013 CVE: CVE-2013-1082 BID: 60179 OSVDB: 91118 Background ZENworks Mobile Management (ZMM) offers centralized management tools that are useful for deploying new mobile devices in the workforce, whether those devices are company-issued or privately owned. ZMM ensures that users have th...

CVSS 7.5 | AI score 7.3 | EPSS 0.12767
Exploits: 5
Saint
Saint
•added 2013/06/15 12:0 a.m.•34 views

Novell ZENworks Mobile Management MDM.php Language Parameter Vulnerability

Added: 06/15/2013 CVE: CVE-2013-1081 BID: 58402 OSVDB: 91119 Background ZENworks Mobile Management (ZMM) offers centralized management tools that are useful for deploying new mobile devices in the workforce, whether those devices are company-issued or privately owned. ZMM ensures that users have th...

CVSS 7.5 | AI score 7.2 | EPSS 0.68079
Exploits: 10
Saint
Saint
•added 2013/06/09 12:0 a.m.•34 views

IBM SPSS SamplePower c1sizer ActiveX Control Vulnerability

Added: 06/09/2013 CVE: CVE-2012-5946 BID: 59559 OSVDB: 92845 Background SPSS (Statistical Package for the Social Sciences) is a computer application that provides statistical analysis of data. It allows for in-depth data access and preparation, analytical reporting, graphics and modelling...

CVSS 9.3 | AI score 7.3 | EPSS 0.33782
Exploits: 9
Saint
Saint
•added 2013/03/15 12:0 a.m.•35 views

VMware OVF Tool Format String

Added: 03/15/2013 CVE: CVE-2012-3569 BID: 56468 OSVDB: 87117 Background VMware is a suite of products supporting the creation and operation of virtual machines, which are self-contained, independent guest operating systems running within a host operating system. Problem The Windows variants of...

CVSS 9.3 | AI score 6.2 | EPSS 0.47719
Exploits: 12
Saint
Saint
•added 2013/02/18 12:0 a.m.•34 views

Novell GroupWise Client ActiveX SetEngine Pointer Manipulation

Added: 02/18/2013 CVE: CVE-2012-0439 BID: 57658 OSVDB: 89700 Background Novell GroupWise is an e-mail and collaboration product suite. Problem Several methods in the GroupWise ActiveX plugin do not validate user-supplied pointers that are passed as function arguments. This may allow an attacker t...

CVSS 9.3 | AI score 7 | EPSS 0.39183
Exploits: 9
Saint
Saint
•added 2012/12/27 12:0 a.m.•34 views

IBM Cognos TM1 and Express Admin Server Buffer Overflow

Added: 12/27/2012 CVE: CVE-2012-0202 BID: 52847 OSVDB: 80876 Background IBM Cognos TM1 is enterprise planning software for planning, budgeting, forecasting and analysis. IBM Cognos Express is an integrated business intelligence (BI) and planning solution which delivers the essential reporting,...

CVSS 10 | AI score 7 | EPSS 0.5485
Exploits: 8
Saint
Saint
•added 2012/12/07 12:0 a.m.•34 views

Novell NetIQ Privileged User Manager modifyAccounts Security Bypass

Added: 12/07/2012 BID: 56535 OSVDB: 87335 Background Novell NetIQ Privileged User Manager (NPUM) allows IT administrators to work on systems without exposing superuser administrator or supervisor passwords or root-account credentials to the administrator. Problem NetIQ Privileged User Manager 2.3.1...

AI score 7.7
Exploits: 0
Saint
Saint
•added 2012/11/16 12:0 a.m.•34 views

SafeNet PrivAgent.ocx ActiveX control ChooseFilePath buffer overflow

Added: 11/16/2012 BID: 56297 OSVDB: 86723 Background SafeNet Hardware Against Software Piracy (HASP) solutions include the PrivAgent.ocx ActiveX control. Problem A buffer overflow vulnerability in the ChooseFilePath method of the PrivAgent.ocx ActiveX control allows command execution when a user...

AI score 7.8
Exploits: 0
Saint
Saint
•added 2012/10/12 12:0 a.m.•34 views

HP Diagnostics magentservice.exe Malformed Packet Parsing Vulnerability

Added: 10/12/2012 BID: 55159 OSVDB: 84855 Background HP Diagnostics software monitors application transaction health in traditional, virtualized and cloud environments. Problem HP Diagnostics Server has a buffer overflow vulnerability in the magentservice.exe process that could allow...

AI score 2.7
Exploits: 0
Saint
Saint
•added 2012/10/09 12:0 a.m.•34 views

Novell ZENworks Asset Management rtrlet File Upload Traversal

Added: 10/09/2012 CVE: CVE-2011-2653 BID: 50966 OSVDB: 77583 Background Novell ZENworks is a resource management solution consisting of a management server and management agents. Problem The Asset Management module (ZAM) of ZENworks version 7.5 fails to validate the name of uploaded files via POST...

CVSS 10 | AI score 6.6 | EPSS 0.73929
Exploits: 10
Saint
Saint
•added 2012/09/07 12:0 a.m.•34 views

IBM Lotus Notes URL Handler Command Execution

Added: 09/07/2012 CVE: CVE-2012-2174 BID: 54070 OSVDB: 83063 Background Lotus Notes is the client for Lotus Domino servers. Problem Lotus Notes 8.5.3 and earlier is vulnerable to remote code execution when handling a specially crafted URL. A remote attacker can pass the -RPARAMS command line...

CVSS 9.3 | AI score 7.4 | EPSS 0.38291
Exploits: 11
Saint
Saint
•added 2012/08/06 12:0 a.m.•34 views

HP Operations Agent Opcode 0x34 vulnerability

Added: 08/06/2012 CVE: CVE-2012-2019 BID: 54362 OSVDB: 83673 Background HP Operations Agents is a fault and performance monitoring solution for servers. Problem A buffer overflow vulnerability in the coda.exe process, which listens on a random TCP port, could allow remote attackers to execute...

CVSS 10 | AI score 7.8 | EPSS 0.64685
Exploits: 8
Saint
Saint
•added 2012/07/30 12:0 a.m.•34 views

Citrix Provisioning Services streamprocess.exe 0x40020000 Opcode Integer Underflow

Added: 07/30/2012 BID: 49803 OSVDB: 75780 Background Citrix Provisioning Services dynamically provisions virtual servers to simplify and streamline server management, while reducing software rollout risk. Problem Citrix Provisioning Services up to and including version 5.6 Service Pack 1 are...

AI score 1
Exploits: 0
Saint
Saint
•added 2012/07/16 12:0 a.m.•34 views

Apple QuickTime QTVRStringAtom stringLength Parameter QTVR Movie File Handling

Added: 07/16/2012 CVE: CVE-2012-0667 BID: 53583 OSVDB: 81938 Background QuickTime is a media player for Windows and Mac OS platforms. Problem Apple QuickTime 7.7.1 and earlier versions are vulnerable to remote code execution if the user is persuaded to open a specially crafted QTVR movie file. Th...

CVSS 9.3 | AI score 7 | EPSS 0.03442
Exploits: 6
Saint
Saint
•added 2012/06/27 12:0 a.m.•34 views

HP OpenView Storage Data Protector inet Service EXEC_CMD Remote Overflow

Added: 06/27/2012 CVE: CVE-2011-1866 BID: 48488 OSVDB: 73572 Background HP Data Protector is an automated data backup solution. Problem A buffer overflow vulnerability in omniinet.exe in the inet service of HP OpenView Storage Data Protector allows remote attackers to execute arbitrary commands b...

CVSS 10 | AI score 7.6 | EPSS 0.2089
Exploits: 10
Saint
Saint
•added 2012/05/21 12:0 a.m.•34 views

Firefox AttributeChildRemoved Use After Free

Added: 05/21/2012 CVE: CVE-2011-3659 BID: 51755 OSVDB: 78736 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem In Firefox versions prior to 3.6.26, and 4.0 through 9.0, when removing child objects from the DOM tree, the remove...

CVSS 10 | AI score 9.8 | EPSS 0.36511
Exploits: 9
Saint
Saint
•added 2012/04/27 12:0 a.m.•34 views

Quest InTrust Annotation Objects ActiveX Control Add Method Vulnerability

Added: 04/27/2012 BID: 52765 OSVDB: 80662 Background InTrust collects, stores, reports and alerts on event log data from Windows, Unix and Linux systems. Problem Quest InTrust Annotation Objects ActiveX Control (AnnotateX.dll) is vulnerable to remote code execution due to an input validation error...

AI score 0.1
Exploits: 0
Saint
Saint
•added 2012/04/25 12:0 a.m.•34 views

Microsoft Expression Design wintab32.dll Library Loading

Added: 04/25/2012 CVE: CVE-2012-0016 BID: 52375 OSVDB: 80001 Background Microsoft Expression Design is a commercial professional illustration vector and raster graphic design tool for web images. Problem Microsoft Expression Design contains a flaw in the way it loads dynamic-link libraries (DLL). T...

CVSS 9.3 | AI score 6.6 | EPSS 0.21892
Exploits: 5
Saint
Saint
•added 2012/04/06 12:0 a.m.•34 views

Novell ZENworks Configuration Management Preboot Service Opcode 6c Vulnerability

Added: 04/06/2012 CVE: CVE-2011-3176 BID: 52659 OSVDB: 80231 Background Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a...

CVSS 10 | AI score 6.6 | EPSS 0.69667
Exploits: 13
Saint
Saint
•added 2012/01/20 12:0 a.m.•34 views

Citrix Provisioning Services Opcode 40020006 Integer Underflow

Added: 01/20/2012 BID: 49803 Background Citrix Provisioning Services dynamically provisions virtual servers to simplify and streamline server management, while reducing software rollout risk. Problem Citrix Provisioning Services 5.6 SP1 and prior are vulnerable to a remotely exploitable integer...

AI score 1
Exploits: 0
Saint
Saint
•added 2012/01/10 12:0 a.m.•34 views

CoCSoft Stream Down Stack Overflow

Added: 01/10/2012 CVE: CVE-2011-5052 BID: 51190 OSVDB: 78043 Background CoCSoft Stream Down is a streaming media download tool. Problem The CoCSoft Stream Down HTTP client implementation in version 6.8 and prior does not properly validate HTTP responses. This vulnerability may allow an attacker t...

CVSS 6.8 | AI score 6.3 | EPSS 0.30074
Exploits: 6
Saint
Saint
•added 2011/12/05 12:0 a.m.•34 views

Cytel Studio CY3 File Processing Buffer Overflow

Added: 12/05/2011 BID: 49924 OSVDB: 75991 Background Cytel Inc. provides clinical trial design services and specialized statistical applications primarily for the biotech and pharmaceutical research markets. StatXact is a statistical software package based on the exact branch of statistics used b...

AI score 1.1
Exploits: 0
Saint
Saint
•added 2011/11/28 12:0 a.m.•34 views

Measuresoft ScadaPro xf Command Execution

Added: 11/28/2011 CVE: CVE-2011-3490 BID: 49613 OSVDB: 75490 Background ScadaPro is Real Time Data Acquisition software for Microsoft Windows. Problem ScadaPro version 4.0.0 and prior runs a legacy network service on UDP port 11234. This service contains multiple stack overflow and remote command...

CVSS 10 | AI score 7.2 | EPSS 0.36429
Exploits: 5
Saint
Saint
•added 2011/10/31 12:0 a.m.•34 views

Symantec IM Manager IMAdminLDAPConfig.asp SQL injection

Added: 10/31/2011 CVE: CVE-2011-0553 BID: 49738 OSVDB: 75984 Background Symantec IM Manager is a solution for managing and securing instant-messaging traffic in an enterprise. Problem An SQL injection vulnerability in IMAdminLDAPConfig.asp allows remote, authenticated attackers to execute arbitra...

CVSS 7.5 | AI score 7.8 | EPSS 0.01854
Exploits: 4
Saint
Saint
•added 2011/10/24 12:0 a.m.•34 views

Apple Safari libxslt File Create

Added: 10/24/2011 CVE: CVE-2011-1774 BID: 48840 OSVDB: 74017 Background Safari is a web browser for Mac OS X and Windows. Problem Safari versions prior to 5.0.6 use unsafe security settings when implementing libxslt. An attacker may leverage this weakness by creating a web page that references a...

CVSS 8.8 | AI score 6.8 | EPSS 0.43195
Exploits: 11
Saint
Saint
•added 2011/09/13 12:0 a.m.•34 views

Citrix Access Gateway NESPA ActiveX Control

Added: 09/13/2011 CVE: CVE-2011-2882 BID: 48676 OSVDB: 74191 Background Citrix Access Gateway is an application remote-access solution. Problem The Citrix Access Gateway installs an ActiveX plug-in on the user's browser. Plug-in versions 8.1-67.7, 9.0-70.5, and 9.1-96.4 are vulnerable to a stack...

CVSS 9.3 | AI score 6.3 | EPSS 0.56368
Exploits: 10
Saint
Saint
•added 2011/09/12 12:0 a.m.•34 views

RealNetworks RealPlayer QCP Parsing

Added: 09/12/2011 CVE: CVE-2011-2950 BID: 49172 OSVDB: 74549 Background RealPlayer is a media player application which can play back various multimedia file formats, including QCP audio files. The QCP file format is frequently used to provide ring tones and to record voice for cellular telephones...

CVSS 9.3 | AI score 6.6 | EPSS 0.299
Exploits: 8
Saint
Saint
•added 2011/07/18 12:0 a.m.•34 views

HP OpenView Storage Data Protector Opcode 27 Stack Buffer Overflow

Added: 07/18/2011 CVE: CVE-2011-1865 BID: 48486 OSVDB: 73571 Background HP Data Protector is a backup solution for enterprise and distributed environments. The Data Protector environment consists of a Cell Manager, backup agents, and backup device servers. The OmniInet process (omniinet.exe) is...

CVSS 10 | AI score 7.7 | EPSS 0.88948
Exploits: 18
Saint
Saint
•added 2011/06/15 12:0 a.m.•34 views

Microsoft Excel Data Validation Record Parsing Overflow

Added: 06/15/2011 CVE: CVE-2011-0105 BID: 47256 OSVDB: 71765 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem Microsoft Excel 2002 versions lacking the patch detailed in Microsoft Security Advisory...

CVSS 9.3 | AI score 6.9 | EPSS 0.71129
Exploits: 10
Total number of security vulnerabilities: 4301