Lucene search
+L
SaintMost viewed

4305 matches found

saint
saint
added 2005/11/29 12:0 a.m.37 views

Computer Associates Message Queuing

Added: 11/29/2005 CVE: CVE-2005-2668 BID: 14622 OSVDB: 18916 Background The Computer Associates Message Queuing service is used internally by multiple Computer Associates products. Problem The Computer Associates Message Queuing service is affected by multiple buffer overflows which could result ...

10CVSS6.9AI score0.75244EPSS
Exploits7
saint
saint
added 2020/10/28 12:0 a.m.36 views

inoERP form personalization module command execution

Added: 10/28/2020 Background inoERP is an open source web based enterprise management system. Problem A vulnerability in the formpersonalization module allows remote, unauthenticated attackers to execute arbitrary PHP code injected in the templatecode parameter. Resolution No fix is available at...

8.2AI score
Exploits0
saint
saint
added 2020/04/30 12:0 a.m.36 views

Unraid webGui remote code execution

Added: 04/30/2020 CVE: CVE-2020-5847 Background Unraid is a network-attached storage operating system. It runs a web-based graphical user interface webGui written in PHP. Problem The Unraid webGui uses the PHP extract function to load all GET parameters into the application as variables, allowing...

10CVSS8.9AI score0.95844EPSS
Exploits8
saint
saint
added 2019/05/07 12:0 a.m.36 views

SAP Gateway Remote Command Execution

Added: 05/07/2019 Background SAP Gateway is a development framework, which allows non-SAP applications to communicate with SAP applications. Problem SAP Gateway behavior depends on two parameters, aclmode and simmode. If SAP Gateway access control lists ACLs are configured aclmode=0, anonymous...

7.3AI score
Exploits0
saint
saint
added 2016/03/31 12:0 a.m.36 views

Wago Shell

Added: 03/31/2016 Background Wago PLCs are used in Factory and building automation. Wago ethernet PLCs are connected by IP and can be administered remotely. Problem Wago PLC devices use CoDeSyS protocols to program the device. If the programming ports are left open an attacker is able to upload,...

7.5AI score
Exploits0
saint
saint
added 2016/01/08 12:0 a.m.36 views

Easy File Sharing Web Server HEAD HTTP request vulnerability

Added: 01/08/2016 Background Easy File Sharing Web Server is software that allows users to upload/download files to a server easily through a web browser, as well as providing a bulletin board system forum. Problem Easy File Sharing Web Server is vulnerable to a stack buffer overflow condition as...

2.2AI score
Exploits0
saint
saint
added 2015/11/02 12:0 a.m.36 views

Safari Script Editor AppleScript execution

Added: 11/02/2015 CVE: CVE-2015-7007 BID: 77266 Background Safari is a web browser for Mac OS X and Windows. Problem A vulnerability in the OS X Script Editor allows a malicious web page to execute arbitrary AppleScript code without user confirmation by enticing a user to type Control-R in Safari...

7.5CVSS9.7AI score0.53338EPSS
Exploits8
saint
saint
added 2015/10/01 12:0 a.m.36 views

Konica Minolta FTP Utility buffer overflow

Added: 10/01/2015 Background The Konica Minolta FTP Utility is an FTP server for Windows 98 through XP. Problem A vulnerability in the FTP Utility allows remote, unauthenticated attackers to execute arbitrary commands by sending a long, specially crafted argument to any command. Resolution Remove...

1.3AI score
Exploits0
saint
saint
added 2015/09/15 12:0 a.m.36 views

Windows Media Center command execution

Added: 09/15/2015 CVE: CVE-2015-2509 Background Windows Media Center is software for watching DVDs and TV channels on Windows systems. Problem A vulnerability in Windows Media Center could allow command execution when a user opens an .mcl file which references an executable file supplied by an...

9.3CVSS8.3AI score0.71044EPSS
Exploits12
saint
saint
added 2015/06/09 12:0 a.m.36 views

Seagate Central unauthenticated file upload

Added: 06/09/2015 Background Seagate Central is a personal cloud storage device which can be connected to a wireless router. Problem Seagate Central has no root password, allowing unauthenticated users to upload arbitrary files via PHP. This can be leveraged to execute arbitrary commands by...

8.4AI score
Exploits0
saint
saint
added 2015/02/18 12:0 a.m.36 views

HP Data Protector Windows Unauthenticated Remote Code Execution

Added: 02/18/2015 CVE: CVE-2014-2623 BID: 68672 OSVDB: 109069 Background HP Data Protector is a backup solution for enterprise and distributed environments. Data Protector Manager listens on port 5555/TCP. Problem HP Data Protector is vulnerable to remote unauthenticated arbitrary command executi...

10CVSS9.8AI score0.89394EPSS
Exploits20
saint
saint
added 2015/01/29 12:0 a.m.36 views

WP Symposium Plugin for WordPress Arbitrary File Upload

Added: 01/29/2015 BID: 71686 OSVDB: 116046 Background WP Symposium is a social network plugin for WordPress. Problem WP Symposium Plugin for WordPress contains a vulnerability that allows a remote attacker to execute arbitrary PHP code. This vulnerability is due to the...

0.4AI score
Exploits0
saint
saint
added 2014/12/31 12:0 a.m.36 views

Liferay Portal Apache Felix command injection

Added: 12/31/2014 OSVDB: 116510 Background Liferay Portal is an enterprise web platform for building business solutions. Apache Felix is an implementation of the OSGi Framework and Service platform. Problem Liferay Portal is affected by a vulnerability which could allow remote attackers to execut...

1.2AI score
Exploits0
saint
saint
added 2014/06/24 12:0 a.m.36 views

TRENDnet Shell

Added: 06/24/2014 Background TRENDnet routers are vulnerable to a range of SQL injection, command injection, and buffer overflow vulnerabilities. Current supported devices include: TEW-654TR - Remote Root Shell TEW-732BR - Remote Root Shell Problem A SQL injection vulnerability allows the attacke...

2.7AI score
Exploits0
saint
saint
added 2014/05/29 12:0 a.m.36 views

Easy File Sharing Web Server SESSIONID Cookie Handling Buffer Overflow

Added: 05/29/2014 CVE: CVE-2014-3791 BID: 67406 OSVDB: 106965 Background Easy File Sharing Web Server is software that allows users to upload/download files to a server easily through a web browser, as well as providing a bulletin board system forum. Problem Easy File Sharing Web Server is...

10CVSS10AI score0.76198EPSS
Exploits6
saint
saint
added 2014/01/10 12:0 a.m.36 views

vTiger CRM AddEmailAttachment arbitrary file upload

Added: 01/10/2014 CVE: CVE-2013-3214 BID: 61558 OSVDB: 95902 Background vTiger CRM is a customer relationship management application written in PHP. Problem An arbitrary file upload vulnerability when handling SOAP AddEmailAttachment requests allows remote attackers to execute arbitrary commands ...

7.5CVSS10AI score0.84535EPSS
Exploits13
saint
saint
added 2013/11/18 12:0 a.m.36 views

Symantec Altiris DS SQL injection

Added: 11/18/2013 CVE: CVE-2008-2286 BID: 29198 OSVDB: 45313 Background Altiris Deployment Solution DS is software for managing the configuration of machines on a network. Problem An SQL injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...

7.5CVSS8.1AI score0.32678EPSS
Exploits9
saint
saint
added 2013/10/30 12:0 a.m.36 views

HP SiteScope APIBSMIntegrationImpl runOMAgentCommand SOAP Request Vulnerability

Added: 10/30/2013 CVE: CVE-2013-2367 BID: 61506 OSVDB: 95824 Background HP SiteScope is an agentless software application used to monitor the availability and performance of distributed IT infrastructures including servers, operating systems, network and Internet services, applications and...

10CVSS7.8AI score0.68895EPSS
Exploits10
saint
saint
added 2013/10/23 12:0 a.m.36 views

McAfee Web Reporter JBoss EJBInvokerServlet Marshalled Object Code Execution

Added: 10/23/2013 CVE: CVE-2013-4810 BID: 62854 OSVDB: 97153 Background McAfee Web Reporter analyzes logs from a variety of proxy sources to provide real-time views into web traffic, including extensive drill-down capabilities and powerful off-line processing. Problem McAfee Web Reporter is...

10CVSS9.9AI score0.79003EPSS
Exploits5
saint
saint
added 2013/10/09 12:0 a.m.36 views

Internet Explorer Use-After-Free Memory Corruption (MS13-055)

Added: 10/09/2013 CVE: CVE-2013-3163 BID: 60975 OSVDB: 94981 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Microsoft Internet Explorer contains a use-after-free error which can lead to memory corruption in such a way as to allow...

9.3CVSS9AI score0.70676EPSS
Exploits6
saint
saint
added 2013/07/18 12:0 a.m.36 views

Apache Struts URL includeParams Attribute OGNL Code Injection

Added: 07/18/2013 CVE: CVE-2013-2115 BID: 60167 OSVDB: 93645 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem...

9.3CVSS8.2AI score0.72778EPSS
Exploits9
saint
saint
added 2013/06/26 12:0 a.m.36 views

Oracle WebCenter Capture ActiveX SetAnnotationFont buffer overflow

Added: 06/26/2013 CVE: CVE-2013-1516 BID: 59112 OSVDB: 92387 Background Oracle WebCenter Capture formerly Oracle Document Capture is a centralized document scanning solution. Problem The Import Server subcomponent of Oracle WebCenter Capture is affected by a buffer overflow vulnerability. The...

4CVSS6.5AI score0.00995EPSS
Exploits4
saint
saint
added 2013/06/15 12:0 a.m.36 views

Novell ZENworks Mobile Management MDM.php Language Parameter Vulnerability

Added: 06/15/2013 CVE: CVE-2013-1081 BID: 58402 OSVDB: 91119 Background ZENworks Mobile Management ZMM offers centralized management tools that are useful for deploying new mobile devices in the workforce, whether those devices are company-issued or privately owned. ZMM ensures that users have th...

7.5CVSS7.2AI score0.68079EPSS
Exploits10
saint
saint
added 2013/05/08 12:0 a.m.36 views

Internet Explorer CGenericElement Object Use-after-free Vulnerability

Added: 05/08/2013 CVE: CVE-2013-1347 BID: 59641 OSVDB: 92993 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem When Internet Explorer attempts to access an object in memory that has been deleted, it may corrupt memory in such a way...

9.3CVSS8.8AI score0.77889EPSS
Exploits11
saint
saint
added 2013/04/01 12:0 a.m.36 views

Sami FTP Server LIST command buffer overflow

Added: 04/01/2013 BID: 58247 OSVDB: 90815 Background Sami FTP Server is an FTP server for Windows. Problem Sami FTP Server is affected by a buffer overflow vulnerability. A remote attacker could exploit this vulnerability by sending a long, specially crafted LIST command to the server, resulting ...

8AI score
Exploits0
saint
saint
added 2013/02/18 12:0 a.m.36 views

Novell GroupWise Client ActiveX SetEngine Pointer Manipulation

Added: 02/18/2013 CVE: CVE-2012-0439 BID: 57658 OSVDB: 89700 Background Novell GroupWise is an e-mail and collaboration product suite. Problem Several methods in the GroupWise ActiveX plugin do not validate user-supplied pointers that are passed as function arguments. This may allow an attacker t...

9.3CVSS7AI score0.39183EPSS
Exploits9
saint
saint
added 2012/12/07 12:0 a.m.36 views

Novell NetIQ Privileged User Manager modifyAccounts Security Bypass

Added: 12/07/2012 BID: 56535 OSVDB: 87335 Background Novell NetIQ Privileged User Manager NPUM allows IT administrators to work on systems without exposing superuser administrator or supervisor passwords or root-account credentials to the administrator. Problem NetIQ Privileged User Manager 2.3.1...

7.7AI score
Exploits0
saint
saint
added 2012/11/16 12:0 a.m.36 views

QuickTime plugin MIME type buffer overflow

Added: 11/16/2012 CVE: CVE-2012-3753 BID: 56438 OSVDB: 87088 Background QuickTime is a media player for Windows and Mac OS platforms. Problem A buffer overflow vulnerability in the QuickTime plugin allows command execution when a malicious web site sends a long, specially crafted MIME type...

9.3CVSS6.7AI score0.35078EPSS
Exploits9
saint
saint
added 2012/10/26 12:0 a.m.36 views

HP Operations Agent for NonStop Server ELinkService HEALTH packet buffer overflow

Added: 10/26/2012 BID: 55161 OSVDB: 84854 Background HP Operations Agents is a fault and performance monitoring solution for servers. Problem A buffer overflow vulnerability in HP Operations Agent for NonStop server allows an attacker to execute arbitrary commands by sending a specially crafted...

1AI score
Exploits0
saint
saint
added 2012/10/22 12:0 a.m.36 views

HP SiteScope SOAP Call APIPreferenceImpl Security Bypass

Added: 10/22/2012 CVE: CVE-2012-3261 BID: 55269 OSVDB: 85796 Background HP SiteScope is an agentless software application used to monitor the availability and performance of distributed IT infrastructures including servers, operating systems, network and Internet services, applications and...

10CVSS7.1AI score0.40225EPSS
Exploits5
saint
saint
added 2012/10/09 12:0 a.m.36 views

HP Application Lifecycle Management ActiveX Control Arbitrary File Overwrite

Added: 10/09/2012 BID: 55272 OSVDB: 85059 Background HP Application Lifecycle Management ALM is a software product designed to manage the application lifecycle from requirements through readiness for delivery from a single repository, providing a consistent user experience and customizable...

7.6AI score
Exploits0
saint
saint
added 2012/07/09 12:0 a.m.36 views

Apple QuickTime TeXML Style Element Parsing Buffer Overflow

Added: 07/09/2012 CVE: CVE-2012-0663 BID: 53571 OSVDB: 81934 Background QuickTime is a media player for Windows and Mac OS platforms. Problem Apple QuickTime 7.7.1 and earlier versions are vulnerable to buffer overflow when parsing XML elements within a TeXML file. The QuickTime3GPP.qtx QuickTime...

9.3CVSS7.5AI score0.28623EPSS
Exploits9
saint
saint
added 2012/07/03 12:0 a.m.36 views

iTunes m3u Playlist Overflow

Added: 07/03/2012 CVE: CVE-2012-0677 BID: 53933 OSVDB: 82897 Background iTunes is a free media player for multiple platforms. Problem iTunes does not properly validate parameters for EXTINF: directives in m3u files. This results in an exploitable stack overflow. Resolution Upgrade to iTunes 10.6....

9.3CVSS6.2AI score0.15357EPSS
Exploits17
saint
saint
added 2012/06/29 12:0 a.m.36 views

Adobe Flash Player Object Confusion Code Execution

Added: 06/29/2012 CVE: CVE-2012-0779 BID: 53395 OSVDB: 81656 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem Adobe Flash Player 11.2.202.233 and earlier on Windows is vulnerable to an "object confusion" vulnerability. A remote...

9.3CVSS7AI score0.85698EPSS
Exploits10
saint
saint
added 2012/06/11 12:0 a.m.36 views

Symantec Web Gateway access_log PHP Injection

Added: 06/11/2012 CVE: CVE-2012-0297 BID: 53444 OSVDB: 82023 Background Symantec Web Gateway protects organizations against multiple types of Web-based malware and prevents data loss over the Web. Problem Symantec Web Gateway fails to properly sanitize user-supplied input passed to...

10CVSS7.1AI score0.72596EPSS
Exploits22
saint
saint
added 2012/06/11 12:0 a.m.36 views

GIMP Script-Fu Server Buffer Overflow

Added: 06/11/2012 CVE: CVE-2012-2763 BID: 53741 OSVDB: 82429 Background The GNU Image Manipulation Program GIMP is free software for tasks such as photo retouching, image composition, and image authoring. Problem The vulnerability is due improper boundary checking within the Script-Fu server...

7.5CVSS8AI score0.81722EPSS
Exploits14
saint
saint
added 2012/06/11 12:0 a.m.36 views

Symantec Web Gateway access_log PHP Injection

Added: 06/11/2012 CVE: CVE-2012-0297 BID: 53444 OSVDB: 82023 Background Symantec Web Gateway protects organizations against multiple types of Web-based malware and prevents data loss over the Web. Problem Symantec Web Gateway fails to properly sanitize user-supplied input passed to...

10CVSS7.1AI score0.72596EPSS
Exploits22
saint
saint
added 2012/03/28 12:0 a.m.36 views

Novell ZENworks Configuration Management Preboot Service Opcode 4c Vulnerability

Added: 03/28/2012 CVE: CVE-2011-3176 BID: 52659 OSVDB: 80231 Background Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a...

10CVSS6.6AI score0.69667EPSS
Exploits13
saint
saint
added 2012/03/19 12:0 a.m.36 views

ASUS Net4Switch ipswcom.dll ActiveX Control Buffer Overflow

Added: 03/19/2012 BID: 52110 OSVDB: 79438 Background Asus manufactures computers, peripherals, computer components and network switches. Problem The Asus Net4Switch ipswcom.dll ActiveX component is vulnerable to buffer overflow as a result of failure to perform adequate boundary checks on...

7.8AI score
Exploits0
saint
saint
added 2012/02/09 12:0 a.m.36 views

Adobe Flash Player MP4 Sequence Parameter Set Processing

Added: 02/09/2012 CVE: CVE-2011-2140 BID: 49083 OSVDB: 74439 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem The Adobe Flash Player Sub1005B396 function allows command execution when a user opens a specially crafted .swf file...

10CVSS8.9AI score0.82258EPSS
Exploits15
saint
saint
added 2012/02/03 12:0 a.m.36 views

Oracle Outside In Library OOXML Overflow

Added: 02/03/2012 CVE: CVE-2012-0110 BID: 51452 OSVDB: 78411 Background Oracle Outside In is a a suite of software development kits that allows developers with a comprehensive solution to access, transform, and control the contents of over 500 unstructured file formats. Problem Outside In version...

4.4CVSS6.2AI score0.00356EPSS
Exploits4
saint
saint
added 2012/01/26 12:0 a.m.36 views

HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution

Added: 01/26/2012 CVE: CVE-2011-4786 BID: 51396 OSVDB: 78306 Background HP Easy Printer Care Software is a tool to control and monitor up to 20 HP printers. Problem HP Easy Printer Care Software 2.5 and prior versions are vulnerable to remote code execution. The CacheDocumentXMLWithId method from...

9.3CVSS7.1AI score0.40986EPSS
Exploits9
saint
saint
added 2012/01/20 12:0 a.m.36 views

Citrix Provisioning Services Opcode 40020006 Integer Underflow

Added: 01/20/2012 BID: 49803 Background Citrix Provisioning Services dynamically provisions virtual servers to simplify and streamline server management, while reducing software rollout risk. Problem Citrix Provisioning Services 5.6 SP1 and prior are vulnerable to a remotely exploitable integer...

1AI score
Exploits0
saint
saint
added 2012/01/16 12:0 a.m.36 views

Trend Micro Control Manager AddTask buffer overflow

Added: 01/16/2012 CVE: CVE-2011-5001 BID: 50965 OSVDB: 77585 Background Trend Micro Control Manager streamlines administration of Trend Micro security solutions. Problem A buffer overflow vulnerability in the AddTask function allows remote attackers to execute arbitrary code by sending a speciall...

10CVSS7.8AI score0.64742EPSS
Exploits9
saint
saint
added 2011/12/28 12:0 a.m.36 views

Hastymail rs parameter command injection

Added: 12/28/2011 CVE: CVE-2011-4542 BID: 50791 OSVDB: 77331 Background Hastymail is a fast, secure, rfc-compliant, cross-platform IMAP/SMTP client application written in PHP providing a clean web interface for sending and reading E-mail. Problem Hastymail2 fails to properly sanitize user-supplie...

7.5CVSS7.1AI score0.24119EPSS
Exploits9
saint
saint
added 2011/11/08 12:0 a.m.36 views

Microsoft Excel Substream Parsing Integer Overflow

Added: 11/08/2011 CVE: CVE-2011-0097 OSVDB: 71758 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem Microsoft Excel 2007 versions lacking the patch KB2464583 detailed in Microsoft Security Advisory...

9.3CVSS7.2AI score0.38221EPSS
Exploits5
saint
saint
added 2011/11/08 12:0 a.m.36 views

Microsoft Excel Substream Parsing Integer Overflow

Added: 11/08/2011 CVE: CVE-2011-0097 OSVDB: 71758 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem Microsoft Excel 2007 versions lacking the patch KB2464583 detailed in Microsoft Security Advisory...

9.3CVSS7.2AI score0.38221EPSS
Exploits5
saint
saint
added 2011/09/13 12:0 a.m.36 views

Citrix Access Gateway NESPA ActiveX Control

Added: 09/13/2011 CVE: CVE-2011-2882 BID: 48676 OSVDB: 74191 Background Citrix Access Gateway is an application remote-access solution. Problem The Citrix Access Gateway installs an ActiveX plug-in on the user's browser. Plug-in versions 8.1-67.7, 9.0-70.5, and 9.1-96.4 are vulnerable to a stack...

9.3CVSS6.3AI score0.56368EPSS
Exploits10
saint
saint
added 2011/08/22 12:0 a.m.36 views

Adobe Flash Player ActionScript Function Arguments Code Execution

Added: 08/22/2011 CVE: CVE-2011-2110 BID: 48268 OSVDB: 73007 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem The Adobe Flash Player ActionScript Engine is vulnerable to an information leak that can be leveraged to execute...

10CVSS8.9AI score0.86421EPSS
Exploits11
saint
saint
added 2011/08/09 12:0 a.m.36 views

ESTsoft ALZip MIM File Handling Buffer Overflow

Added: 08/09/2011 CVE: CVE-2011-1336 BID: 48493 OSVDB: 73684 Background ESTsoft ALZip is a Windows-based file compression program that can unzip 40 different zip file archives. ALZip can zip files into 8 different archives such as ZIP, EGG, TAR and others. Problem ESTsoft ALZip 8.21 and earlier i...

9.3CVSS7.6AI score0.05539EPSS
Exploits4
Total number of security vulnerabilities4305