Lucene search
+L
SaintMost viewed

4305 matches found

saint
saint
•added 2012/11/23 12:0 a.m.•34 views

Java JAX-WS gmbal package sandbox breach

Added: 11/23/2012 CVE: CVE-2012-5076 BID: 56054 OSVDB: 86350 Background Java API for XML Web Services JAX-WS is a technology for developing web services in Java. It is included in the Java EE 5 platform. Problem A vulnerability in JAX-WS when handling the gmbal package allows code execution outsi...

10CVSS9.5AI score0.91013EPSS
Exploits18
saint
saint
•added 2012/10/22 12:0 a.m.•34 views

Avaya IP Office Customer Call Reporter ImageUpload.ashx file upload

Added: 10/22/2012 CVE: CVE-2012-3811 BID: 54225 OSVDB: 83399 Background Avaya IP Office is a unified communications solution for mobile workforce. Problem The ImageUpload.ashx script allows unauthenticated users to upload arbitrary script files to the webserver. The script files can then be...

10CVSS6.8AI score0.62876EPSS
Exploits8
saint
saint
•added 2012/10/09 12:0 a.m.•34 views

Novell ZENworks Asset Management rtrlet File Upload Traversal

Added: 10/09/2012 CVE: CVE-2011-2653 BID: 50966 OSVDB: 77583 Background Novell ZENworks is a resource management solution consisting of a management server and management agents. Problem The Asset Management module ZAM of ZENworks version 7.5 fails to validate the name of uploaded files via POST...

10CVSS6.6AI score0.73929EPSS
Exploits10
saint
saint
•added 2012/10/09 12:0 a.m.•34 views

Novell ZENworks Asset Management rtrlet File Upload Traversal

Added: 10/09/2012 CVE: CVE-2011-2653 BID: 50966 OSVDB: 77583 Background Novell ZENworks is a resource management solution consisting of a management server and management agents. Problem The Asset Management module ZAM of ZENworks version 7.5 fails to validate the name of uploaded files via POST...

10CVSS6.6AI score0.73929EPSS
Exploits10
saint
saint
•added 2012/09/07 12:0 a.m.•34 views

IBM Lotus Notes URL Handler Command Execution

Added: 09/07/2012 CVE: CVE-2012-2174 BID: 54070 OSVDB: 83063 Background Lotus Notes is the client for Lotus Domino servers. Problem Lotus Notes 8.5.3 and earlier is vulnerable to remote code execution when handling a specially crafted URL. A remote attacker can pass the -RPARAMS command line...

9.3CVSS7.4AI score0.38291EPSS
Exploits11
saint
saint
•added 2012/08/06 12:0 a.m.•34 views

HP Operations Agent Opcode 0x34 vulnerability

Added: 08/06/2012 CVE: CVE-2012-2019 BID: 54362 OSVDB: 83673 Background HP Operations Agents is a fault and performance monitoring solution for servers. Problem A buffer overflow vulnerability in the coda.exe process, which listens on a random TCP port, could allow remote attackers to execute...

10CVSS7.8AI score0.64685EPSS
Exploits8
saint
saint
•added 2012/07/30 12:0 a.m.•34 views

Citrix Provisioning Services streamprocess.exe 0x40020000 Opcode Integer Underflow

Added: 07/30/2012 BID: 49803 OSVDB: 75780 Background Citrix Provisioning Services dynamically provisions virtual servers to simplify and streamline server management, while reducing software rollout risk. Problem Citrix Provisioning Services up to and including version 5.6 Service Pack 1 are...

1AI score
Exploits0
saint
saint
•added 2012/05/21 12:0 a.m.•34 views

Firefox AttributeChildRemoved Use After Free

Added: 05/21/2012 CVE: CVE-2011-3659 BID: 51755 OSVDB: 78736 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem In Firefox version prior to 3.6.26, and 4.0 through 9.0, when removing child objects from the DOM tree, the remove...

10CVSS9.8AI score0.36511EPSS
Exploits9
saint
saint
•added 2012/05/18 12:0 a.m.•34 views

WebCalendar Pre-Auth PHP Code Execution

Added: 05/18/2012 CVE: CVE-2012-1495 BID: 53207 OSVDB: 80097 Background WebCalendar is a PHP-based calendar application that can be configured as a single-user calendar, a multi-user calendar for groups of users, or as an event calendar viewable by visitors. Problem WebCalendar fails to properly...

9.8CVSS9.8AI score0.79764EPSS
Exploits15
saint
saint
•added 2012/04/27 12:0 a.m.•34 views

Quest InTrust Annotation Objects ActiveX Control Add Method Vulnerability

Added: 04/27/2012 BID: 52765 OSVDB: 80662 Background InTrust collects, stores, reports and alerts on event log data from Windows, Unix and Linux systems. Problem Quest Intrust Annotation Objects ActiveX Control AnnotateX.dll is vulnerable to remote code execution due to an input validation error...

0.1AI score
Exploits0
saint
saint
•added 2012/04/25 12:0 a.m.•34 views

Microsoft Expression Design wintab32.dll Library Loading

Added: 04/25/2012 CVE: CVE-2012-0016 BID: 52375 OSVDB: 80001 Background Microsoft Expression Design is a commercial professional illustration vector and raster graphic design tool for web images. Problem Microsoft Expression Design contains a flaw in the way it loads dynamic-link libraries DLL. T...

9.3CVSS6.6AI score0.21892EPSS
Exploits5
saint
saint
•added 2012/03/28 12:0 a.m.•34 views

Novell ZENworks Configuration Management Preboot Service Opcode 4c Vulnerability

Added: 03/28/2012 CVE: CVE-2011-3176 BID: 52659 OSVDB: 80231 Background Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a...

10CVSS6.7AI score0.69667EPSS
Exploits13
saint
saint
•added 2012/01/16 12:0 a.m.•34 views

Microsoft Office ClickOnce Unsafe Execution

Added: 01/16/2012 CVE: CVE-2012-0013 BID: 51284 OSVDB: 78207 Background ClickOnce is a deployment technology that allows developers to create self-updating Windows-based applications that can be installed and run with minimal user interaction. A ClickOnce application is any Windows Presentation...

9.3CVSS6.1AI score0.73753EPSS
Exploits14
saint
saint
•added 2012/01/10 12:0 a.m.•34 views

CoCSoft Stream Down Stack Overflow

Added: 01/10/2012 CVE: CVE-2011-5052 BID: 51190 OSVDB: 78043 Background CoCSoft Stream Down is a streaming media download tool. Problem The CoCSoft Stream Down HTTP client implementation in version 6.8 and prior does not properly validate HTTP responses. This vulnerability may allow an attacker t...

6.8CVSS6.3AI score0.30074EPSS
Exploits6
saint
saint
•added 2012/01/10 12:0 a.m.•34 views

CoCSoft Stream Down Stack Overflow

Added: 01/10/2012 CVE: CVE-2011-5052 BID: 51190 OSVDB: 78043 Background CoCSoft Stream Down is a streaming media download tool. Problem The CoCSoft Stream Down HTTP client implementation in version 6.8 and prior does not properly validate HTTP responses. This vulnerability may allow an attacker t...

6.8CVSS6.4AI score0.30074EPSS
Exploits6
saint
saint
•added 2011/10/31 12:0 a.m.•34 views

Symantec IM Manager IMAdminLDAPConfig.asp SQL injection

Added: 10/31/2011 CVE: CVE-2011-0553 BID: 49738 OSVDB: 75984 Background Symantec IM Manager is a solution for managing and securing instant-messaging traffic in an enterprise. Problem An SQL injection vulnerability in IMAdminLDAPConfig.asp allows remote, authenticated attackers to execute arbitra...

7.5CVSS7.8AI score0.01854EPSS
Exploits4
saint
saint
•added 2011/10/19 12:0 a.m.•34 views

Wireshark DECT Dissector Remote Stack Buffer Overflow

Added: 10/19/2011 CVE: CVE-2011-1591 BID: 47392 OSVDB: 71848 Background Wireshark is a network packet analyzer. Problem A buffer overflow vulnerability in the DECT dissector allows command execution when a user sends a specially crafted datagram over a network which is being analyzed by Wireshark...

9.3CVSS7.7AI score0.41744EPSS
Exploits18
saint
saint
•added 2011/08/29 12:0 a.m.•34 views

HP Easy Printer Care Software HPTicketMgr.dll ActiveX Control Remote Code Execution

Added: 08/29/2011 CVE: CVE-2011-2404 BID: 49100 OSVDB: 74510 Background HP Easy Printer Care Software is a tool to control and monitor up to 20 HP printers. Problem HP Easy Printer Care Software HPTicketMgr.dll is vulnerable to directory traversal due to insufficient input validation by the...

7.5CVSS6.7AI score0.7374EPSS
Exploits9
saint
saint
•added 2011/06/07 12:0 a.m.•34 views

HP Data Protector Client EXEC_CMD Command Execution

Added: 06/07/2011 CVE: CVE-2011-0923 BID: 46234 OSVDB: 72526 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem The HP Data Protector Client is vulnerable to remote code execution as a result of insufficient input validation of...

10CVSS7.3AI score0.81081EPSS
Exploits30
saint
saint
•added 2011/06/03 12:0 a.m.•34 views

McAfee Firewall Reporter isValidClient Authentication Bypass

Added: 06/03/2011 BID: 47306 OSVDB: 71842 Background McAfee Firewall Reporter is an enterprise-class security event management SEM reporting solution. Problem McAfee Firewall Reporter versions 5.1.0.6 through 5.1.0.12 are vulnerable to an authentication bypass that may allow remote attackers to...

2.3AI score
Exploits0
saint
saint
•added 2011/05/09 12:0 a.m.•34 views

HP OpenView Storage Data Protector Backup Client Service GET_FILE Message Processing Overflow

Added: 05/09/2011 CVE: CVE-2011-1729 BID: 47638 OSVDB: 72188 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem A remote code execution vulnerability exists in HP Data Protector Backup Client Service due to a buffer overflow in...

10CVSS7.5AI score0.13614EPSS
Exploits4
saint
saint
•added 2011/05/09 12:0 a.m.•34 views

HP OpenView Storage Data Protector Backup Client Service GET_FILE Message Processing Overflow

Added: 05/09/2011 CVE: CVE-2011-1729 BID: 47638 OSVDB: 72188 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem A remote code execution vulnerability exists in HP Data Protector Backup Client Service due to a buffer overflow in...

10CVSS7.5AI score0.13614EPSS
Exploits4
saint
saint
•added 2011/04/01 12:0 a.m.•34 views

RealFlex RealWin FC_RFUSER_FCS_LOGIN Buffer Overflow

Added: 04/01/2011 CVE: CVE-2011-1563 BID: 46937 Background RealWin is a Supervisory Control and Data Acquisition SCADA server which is distributed by DATAC. Problem A buffer overflow vulnerability in RealWin Server allows remote attackers to execute arbitrary commands by sending a long, specially...

10CVSS7.6AI score0.74638EPSS
Exploits15
saint
saint
•added 2011/03/28 12:0 a.m.•34 views

Microsoft Office Groove Insecure Library Loading

Added: 03/28/2011 CVE: CVE-2010-3146 BID: 42695 OSVDB: 67484 Background Microsoft Office Groove is a collaboration-based software application that allows teams and organizations to work together regardless of physical or network location. Problem Microsoft Office Groove has a vulnerability due to...

9.3CVSS6.4AI score0.13715EPSS
Exploits5
saint
saint
•added 2011/03/14 12:0 a.m.•34 views

Microsoft Windows Media Player DVR-MS File Code Execution

Added: 03/14/2011 CVE: CVE-2011-0042 BID: 46680 OSVDB: 71016 Background Windows Media Player is an audio and video media player for Windows platforms. Problem A file parsing error in Windows Media Player allows command execution when a user opens a specially crafted Digital Video Recording DVR-MS...

9.3CVSS6.5AI score0.33276EPSS
Exploits4
saint
saint
•added 2011/02/23 12:0 a.m.•34 views

Symantec Alert Management System Intel Alert Handler modem string buffer overflow

Added: 02/23/2011 CVE: CVE-2010-0110 BID: 45936 Background The Symantec Alert Management System 2 AMS2 is used by multiple Symantec products. It includes an Intel Alert Handler service hndlrsvc.exe. This service handles messages forwarded to it by the Alert Originator Manager, which listens on po...

7.9CVSS7.6AI score0.0513EPSS
Exploits12
saint
saint
•added 2011/02/03 12:0 a.m.•34 views

Symantec Alert Management System PIN number buffer overflow

Added: 02/03/2011 CVE: CVE-2010-0110 BID: 45936 Background The Symantec Alert Management System 2 AMS2 is used by multiple Symantec products. It includes an Intel Alert Handler service hndlrsvc.exe. This service handles messages forwarded to it by the Alert Originator Manager, which listens on po...

7.9CVSS7.7AI score0.0513EPSS
Exploits12
saint
saint
•added 2011/01/26 12:0 a.m.•34 views

Freefloat FTP Server USER Command Buffer Overflow

Added: 01/26/2011 BID: 45181 OSVDB: 69621 Background Freefloat is a software series developed directly for handheld terminals. Freefloat FTP Server is a free FTP server for various versions of Windows including Windows CE/Pocket PC. Problem Freefloat FTP Server is vulnerable to a stack overflow a...

0.7AI score
Exploits0
saint
saint
•added 2011/01/26 12:0 a.m.•34 views

CA ARCserve D2D Axis2 default password

Added: 01/26/2011 CVE: CVE-2010-0219 BID: 45625 OSVDB: 70233 Background CA ARCserve D2D is a disk-based backup solution. Problem CA ARCserve D2D deploys Axis2 with default credentials which can be used to gain unauthorized access to the web application server. By then uploading a specially crafte...

10CVSS8.2AI score0.89871EPSS
Exploits17
saint
saint
•added 2010/12/10 12:0 a.m.•34 views

HP Data Protector Manager MMD Service Stack Buffer Overflow

Added: 12/10/2010 BID: 45128 Background HP Data Protector is a backup solution for enterprise and distributed environments. The Data Protector environment consists of a Cell Manager, backup agents, and backup device servers. The Cell Manager is the central point from which backup agents and devic...

2.3AI score
Exploits0
saint
saint
•added 2010/11/26 12:0 a.m.•34 views

Oracle Virtual Server Agent Command Injection

Added: 11/26/2010 CVE: CVE-2010-3582 BID: 44031 Background Oracle VM software provides virtualization technology that allows running multiple instances of x86 virtual computers simultaneously within the host operating system. It supports many Oracle and non-Oracle based systems such as Windows,...

9CVSS7.2AI score0.02381EPSS
Exploits4
saint
saint
•added 2010/11/08 12:0 a.m.•34 views

DATAC RealWin SCADA Server SCPC_INITIALIZE buffer overflow

Added: 11/08/2010 CVE: CVE-2010-4142 BID: 44150 OSVDB: 68812 Background RealWin is a Supervisory Control and Data Acquisition SCADA server which is distributed by DATAC. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...

10CVSS7.8AI score0.63573EPSS
Exploits12
saint
saint
•added 2010/10/20 12:0 a.m.•34 views

Microsoft Office Excel RTD Topic String Buffer Overflow

Added: 10/20/2010 CVE: CVE-2010-1246 BID: 40524 OSVDB: 65238 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms. Problem Microsoft Office Excel 2002 is vulnerable to a buffer overflow when parsing Real Time Data RTD Future...

9.3CVSS6.6AI score0.24669EPSS
Exploits9
saint
saint
•added 2010/10/07 12:0 a.m.•34 views

HP Data Protector Express DtbClsLogin function buffer overflow

Added: 10/07/2010 CVE: CVE-2010-3007 BID: 43105 OSVDB: 67973 Background HP Data Protector Express is a backup and recovery solution for single machines and small networks. Problem A buffer overflow vulnerability in dpwindtb.dll in the DtbClsLogin function allows remote attackers to execute...

7.2CVSS7.6AI score0.05518EPSS
Exploits8
saint
saint
•added 2010/09/02 12:0 a.m.•34 views

Trend Micro Internet Security Pro ActiveX Control extSetOwner code execution

Added: 09/02/2010 CVE: CVE-2010-3189 BID: 42717 OSVDB: 67561 Background Trend Micro Internet Security Pro is a virus protection and Internet security product for home users. Problem A vulnerability in the UfPBCtrl.dll ActiveX control allows command execution when a user loads a web page which cal...

9.3CVSS6.5AI score0.39216EPSS
Exploits14
saint
saint
•added 2010/07/12 12:0 a.m.•34 views

Novell iManager EnteredClassName buffer overflow

Added: 07/12/2010 CVE: CVE-2010-1929 BID: 40480 OSVDB: 65737 Background Novell iManager is a web-based management interface for other Novell products. Problem A buffer overflow vulnerability in jclient.dll allows remote attackers to execute arbitrary commands by sending a specially crafted...

9CVSS7.8AI score0.16097EPSS
Exploits10
saint
saint
•added 2010/06/17 12:0 a.m.•34 views

Novell ZENworks Configuration Management Preboot Service Code Execution

Added: 06/17/2010 BID: 39111 OSVDB: 65361 Background Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a client/server...

2.6AI score
Exploits0
saint
saint
•added 2010/06/10 12:0 a.m.•34 views

Informix Dynamic Server librpc.dll credentials length buffer overflow

Added: 06/10/2010 CVE: CVE-2009-2753 BID: 38471 OSVDB: 62783 Background Informix Dynamic Server is a database solution from IBM. It includes a portmapper service which listens for connections on port 36890/TCP and uses librpc.dll. Problem A buffer overflow vulnerability in librpc.dll allows remot...

10CVSS7.9AI score0.10923EPSS
Exploits4
saint
saint
•added 2010/03/11 12:0 a.m.•34 views

Microsoft Excel DbOrParamQry memory corruption

Added: 03/11/2010 CVE: CVE-2010-0264 BID: 38555 OSVDB: 62823 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem A memory corruption vulnerability in Microsoft Excel allows command execution when a user...

9.3CVSS7.8AI score0.21221EPSS
Exploits5
saint
saint
•added 2009/11/20 12:0 a.m.•34 views

IBM Tivoli Storage Manager Client CAD Service Buffer Overflow

Added: 11/20/2009 CVE: CVE-2009-3853 OSVDB: 59632 Background IBM Tivoli Storage Manager TSM provides centralized management for automated backup and restoration operations. It runs a Client Acceptor Daemon CAD on port 1582/TCP. Problem The vulnerability is caused by an input validation error in t...

9.3CVSS6.5AI score0.36717EPSS
Exploits8
saint
saint
•added 2009/11/06 12:0 a.m.•34 views

Symantec Multiple Products AeXNSConsoleUtilities Buffer Overflow

Added: 11/06/2009 CVE: CVE-2009-3031 BID: 36698 OSVDB: 59597 Background Symantec Altiris Deployment Solution provides tools to deploy software on desktops and servers. Problem A stack buffer overflow vulnerability in the AeXNSConsoleUtilities.dll ActiveX control allows remote attackers to execute...

9.3CVSS7.7AI score0.45435EPSS
Exploits16
saint
saint
•added 2009/10/21 12:0 a.m.•34 views

HP LoadRunner XUpload ActiveX control MakeHttpRequest file download

Added: 10/21/2009 CVE: CVE-2009-3693 BID: 36550 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the XUpload.ocx ActiveX control for performing file exchanges. Problem The MakeHttpRequest method in the XUpload.ocx ActiveX control can be used to download...

9.3CVSS6.9AI score0.4158EPSS
Exploits9
saint
saint
•added 2009/10/02 12:0 a.m.•34 views

EMC Captiva QuickScan Pro KeyHelp ActiveX Control JumpURL buffer overflow

Added: 10/02/2009 BID: 36546 OSVDB: 58423 Background EMC Captiva QuickScan Pro is a document capture solution. It includes KeyHelp, a free ActiveX control used for enhancing HTML help systems. Problem A buffer overflow vulnerability in the KeyHelp ActiveX Control allows command execution when a...

0.4AI score
Exploits0
saint
saint
•added 2009/09/11 12:0 a.m.•34 views

VideoLAN VLC Media Player SMB Module Win32AddConnection Buffer Overflow

Added: 09/11/2009 CVE: CVE-2009-2484 BID: 35500 OSVDB: 55509 Background VLC media player is a media player supporting various audio and video formats for multiple platforms. Problem A stack-based buffer overflow vulnerability in the Win32AddConnection function may allow a remote attacker to execu...

9.3CVSS7.7AI score0.3511EPSS
Exploits7
saint
saint
•added 2009/08/24 12:0 a.m.•34 views

Microsoft Office Web Components OWC.Spreadsheet BorderAround vulnerability

Added: 08/24/2009 CVE: CVE-2009-2496 BID: 35991 OSVDB: 56915 Background Microsoft Office Web Components OWC are a group of OLE classes implemented as ActiveX controls. Problem A heap corruption vulnerability in the OWC10.Spreadsheet ActiveX control allows command execution when a user opens a web...

9.3CVSS6.6AI score0.29462EPSS
Exploits4
saint
saint
•added 2009/05/21 12:0 a.m.•34 views

Microsoft PowerPoint 2000 CurrentUserAtom buffer overflow

Added: 05/21/2009 CVE: CVE-2009-1131 BID: 34841 OSVDB: 54393 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem A buffer overflow vulnerability in Microsoft PowerPoint allows command execution when a user opens a presentation containin...

9.3CVSS6.8AI score0.35927EPSS
Exploits5
saint
saint
•added 2009/04/23 12:0 a.m.•34 views

Microsoft Excel SST record code execution

Added: 04/23/2009 CVE: CVE-2009-0238 BID: 33870 OSVDB: 52695 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem A vulnerability in Microsoft Excel allows command execution when a user opens a spreadshee...

9.3CVSS6.4AI score0.43063EPSS
Exploits4
saint
saint
•added 2009/03/12 12:0 a.m.•34 views

Tivoli Storage Manager heap corruption

Added: 03/12/2009 CVE: CVE-2008-4563 BID: 34077 Background IBM Tivoli Storage Manager TSM provides centralized management for automated backup and restoration operations. Problem A heap overflow allows remote attackers to execute arbitrary commands. Resolution Apply the workaround or solution...

10CVSS7.4AI score0.28987EPSS
Exploits5
saint
saint
•added 2009/02/06 12:0 a.m.•34 views

Oracle Database OLAP component ODCITABLESTART buffer overflow

Added: 02/06/2009 CVE: CVE-2008-3974 BID: 33177 OSVDB: 51347 Background The Online Analytical Processing OLAP component of Oracle Database is a set of stored procedures used for multi-dimensional analytical queries. Problem A buffer overflow vulnerability in the ODCITABLESTART function allows...

4CVSS7.3AI score0.0135EPSS
Exploits4
saint
saint
•added 2008/12/24 12:0 a.m.•34 views

Computer Associates License Service invalid command buffer overflow

Added: 12/24/2008 CVE: CVE-2005-0581 BID: 12705 OSVDB: 14389 Background The License service comes with most Computer Associatesproducts and exchanges license information over ports 10202/tcp and 10203/tcp. Problem A buffer overflow vulnerability allows a remote attacker to execute arbitrary...

4.6CVSS7.5AI score0.46344EPSS
Exploits24
Total number of security vulnerabilities4305