Lucene search
+L
SaintMost viewed

4305 matches found

saint
saint
•added 2008/12/11 12:0 a.m.•34 views

Windows search-ms protocol handler command execution vulnerability

Added: 12/11/2008 CVE: CVE-2008-4269 BID: 32652 OSVDB: 50566 Background The search-ms protocol allows applications to query the Windows Search index. Problem A vulnerability in Windows allows command execution when a user follows a specially crafted search-ms URL which passes arbitrary arguments ...

8.5CVSS6.5AI score0.20516EPSS
Exploits5
saint
saint
•added 2008/10/15 12:0 a.m.•34 views

Microsoft Host Integration Server SNA RPC authentication bypass

Added: 10/15/2008 CVE: CVE-2008-3466 BID: 31620 OSVDB: 49068 Background Microsoft Host Integration Server is an enabling technology which allows integration of applications and data with new Windows solutions. Problem A vulnerability in Microsoft Host Integration Server allows remote...

10CVSS6.9AI score0.77741EPSS
Exploits9
saint
saint
•added 2008/08/22 12:0 a.m.•34 views

WebEx Meeting Manager atucfobj.dll ActiveX buffer overflow

Added: 08/22/2008 CVE: CVE-2008-3558 BID: 30578 OSVDB: 47344 Background The WebEx Meeting Manager is automatically installed when a user starts or joins a meeting. Problem A buffer overflow vulnerability in the atucfobj.dll ActiveX control allows command execution when a user loads a web page whi...

9.3CVSS6.8AI score0.65391EPSS
Exploits8
saint
saint
•added 2008/04/25 12:0 a.m.•34 views

Borland StarTeam Multicast Service parse_request buffer overflow

Added: 04/25/2008 CVE: CVE-2008-0311 BID: 28602 OSVDB: 44039 Background Borland StarTeam is a software change and configuration management system. Problem A buffer overflow vulnerability in the PGMWebHandler::parserequest function in the StarTeam Multicast Service allows remote attackers to execu...

9.3CVSS7.8AI score0.31024EPSS
Exploits8
saint
saint
•added 2008/04/21 12:0 a.m.•34 views

Borland InterBase ibserver.exe Service Attach request buffer overflow

Added: 04/21/2008 CVE: CVE-2008-1910 BID: 28730 OSVDB: 44455 Background Borland Interbase is a database solution for Windows, Linux, and Solaris platforms. Problem A buffer overflow vulnerability in ibserver.exe allows remote attackers to execute arbitrary commands by sending a long, specially...

10CVSS8AI score0.07291EPSS
Exploits4
saint
saint
•added 2008/04/14 12:0 a.m.•34 views

HP Openview Network Node Manager ovwparser.dll buffer overflow

Added: 04/14/2008 CVE: CVE-2008-1697 BID: 28569 OSVDB: 43992 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A vulnerability in ovwparser.dll allows remote attackers to execute arbitrary commands by sending a request for a long,...

10CVSS7.3AI score0.74345EPSS
Exploits10
saint
saint
•added 2008/04/04 12:0 a.m.•34 views

Microsoft Office Drawing Shapes memory corruption vulnerability

Added: 04/04/2008 CVE: CVE-2008-0118 BID: 28146 OSVDB: 42709 Background Microsoft Office is a package which provides word processing, spreadsheet, presentation, e-mail, and calendaring capabilities for Microsoft Windows workstations. Problem A memory corruption vulnerability allows command...

9.3CVSS9.6AI score0.34842EPSS
Exploits5
saint
saint
•added 2008/02/11 12:0 a.m.•34 views

Yahoo Music Jukebox MediaGrid ActiveX buffer overflow

Added: 02/11/2008 CVE: CVE-2008-0625 BID: 27578 OSVDB: 41051 Background Yahoo! Music Jukebox is a music player capable of playing, ripping, and burning MP3s and CDs, creating and sharing playlists, streaming radio stations, and purchasing music. Problem A buffer overflow vulnerability in the...

4.3CVSS7AI score0.08104EPSS
Exploits5
saint
saint
•added 2008/02/01 12:0 a.m.•34 views

Oracle XDB component PITRIG_TRUNCATE buffer overflow

Added: 02/01/2008 CVE: CVE-2008-0339 BID: 27229 OSVDB: 40300 Background The PITRIGTRUNCATE function is included in the XDB.XDBPITRIGPKG package which is included with Oracle Database. Problem A buffer overflow vulnerability in the PITRIGTRUNCATE function allows remote, authenticated attackers to...

10CVSS7.5AI score0.1453EPSS
Exploits4
saint
saint
•added 2008/01/16 12:0 a.m.•34 views

MySQL MaxDB cons.exe command injection

Added: 01/16/2008 CVE: CVE-2008-0244 BID: 27206 OSVDB: 40210 Background MaxDB is a SAP-certified open-source database developed by MySQL. Problem The MaxDB server handles the execsdbinfo command by invoking the cons.exe program through a system call without sufficiently checking the arguments for...

10CVSS6.8AI score0.80311EPSS
Exploits8
saint
saint
•added 2007/12/28 12:0 a.m.•34 views

Trend Micro ServerProtect RPCFN_CMON_SetSvcImpersonateUser buffer overflow

Added: 12/28/2007 CVE: CVE-2007-4218 BID: 25395 OSVDB: 39752 Background Trend Micro ServerProtect is a virus scanner for servers. Problem A buffer overflow in the ServerProtect service allows remote attackers to execute arbitrary commands by sending a specially crafted RPC request which is...

10CVSS7.8AI score0.13021EPSS
Exploits12
saint
saint
•added 2007/12/14 12:0 a.m.•34 views

ACDSee XPM file section string buffer overflow

Added: 12/14/2007 CVE: CVE-2007-6009 BID: 26554 OSVDB: 45278 Background ACDSee is a suite of products for viewing and organizing photos. Problem A buffer overflow vulnerability in the IDX.apl, IDEACDStd.apl, IDPSP.apl, and AMLHA.apl plug-ins could allow command execution when a user opens an XPM...

9.3CVSS6.9AI score0.03927EPSS
Exploits5
saint
saint
•added 2007/12/03 12:0 a.m.•34 views

MIT Kerberos 5 RPC library RPCSEC_GSS buffer overflow

Added: 12/03/2007 CVE: CVE-2007-3999 BID: 25534 OSVDB: 37324 Background Kerberos is a network authentication protocol which provides strong authentication for client/server applications. MIT Kerberos 5 is a free implementation of this protocol. Problem A buffer overflow in the svcauthgssvalidate...

10CVSS9.5AI score0.10997EPSS
Exploits4
saint
saint
•added 2007/11/30 12:0 a.m.•34 views

Microsoft Color Management Module profile tag buffer overflow

Added: 11/30/2007 CVE: CVE-2005-1219 BID: 14214 OSVDB: 17830 Background The Microsoft Color Management Module helps programs achieve consistent display of colors. International Color Consortium ICC profiles are used to ensure that colors are represented accurately to users. Problem A buffer...

7.5CVSS6.8AI score0.49922EPSS
Exploits4
saint
saint
•added 2007/11/30 12:0 a.m.•34 views

QuickTime RTSP Content-Type header buffer overflow

Added: 11/30/2007 CVE: CVE-2007-6166 BID: 26549 OSVDB: 40876 Background QuickTime is a media player for Windows and Mac OS platforms. Problem A buffer overflow vulnerability in QuickTime allows command execution when a user opens an RTSP stream containing a specially crafted Content-Type header...

9.3CVSS6.8AI score0.41916EPSS
Exploits10
saint
saint
•added 2007/10/19 12:0 a.m.•34 views

Windows IE7 URI Handler command execution through Firefox

Added: 10/19/2007 CVE: CVE-2007-3896 BID: 25945 OSVDB: 41090 Background The shell32.dll library provides functions which handle interaction between Internet Explorer and the Windows shell. Problem The version of the shell32.dll library installed with Internet Explorer 7 does not properly validate...

9.3CVSS6.2AI score0.53831EPSS
Exploits7
saint
saint
•added 2007/10/19 12:0 a.m.•34 views

Windows IE7 URI Handler command execution through Firefox

Added: 10/19/2007 CVE: CVE-2007-3896 BID: 25945 OSVDB: 41090 Background The shell32.dll library provides functions which handle interaction between Internet Explorer and the Windows shell. Problem The version of the shell32.dll library installed with Internet Explorer 7 does not properly validate...

9.3CVSS6.2AI score0.53831EPSS
Exploits7
saint
saint
•added 2007/10/11 12:0 a.m.•34 views

Microsoft SQL Server Distributed Management Objects buffer overflow

Added: 10/11/2007 CVE: CVE-2007-4814 BID: 25594 OSVDB: 38399 Background Microsoft SQL Server includes a Distributed Management Object model which offers a modern, object-oriented alternative to using stored procedures. The Distributed Management Object model is implemented by the sqldmo.dll Activ...

7.5CVSS7.2AI score0.4571EPSS
Exploits5
saint
saint
•added 2007/09/20 12:0 a.m.•34 views

Symantec Norton NavComUI ActiveX control vulnerability

Added: 09/20/2007 CVE: CVE-2007-2955 BID: 24983 OSVDB: 36477 Background The Symantec Norton product suite includes antivirus, firewall, and other security functions. Problem Vulnerabilities in the AxSysListView32 and AxSysListView32OAA ActiveX controls, implemented by the NavComUI.dll library...

6.8CVSS6.7AI score0.0405EPSS
Exploits4
saint
saint
•added 2007/08/10 12:0 a.m.•34 views

Novell Client 4.91 SP4 nwspool.dll buffer overflow

Added: 08/10/2007 CVE: CVE-2007-6701 BID: 25092 OSVDB: 37319 Background Novell Client software provides NetWare connectivity to Windows platforms. Problem The nwspool.dll library in Novell Client is affected by buffer overflow vulnerabilities in several different functions, allowing remote...

10CVSS8AI score0.0717EPSS
Exploits6
saint
saint
•added 2007/08/02 12:0 a.m.•34 views

Ipswitch IMail IMAP SUBSCRIBE command buffer overflow

Added: 08/02/2007 CVE: CVE-2007-3927 BID: 24962 OSVDB: 36222 Background IMail is an e-mail server for Windows platforms. Problem A buffer overflow vulnerability in the IMAP service could allow an authenticated attacker to execute arbitrary commands by sending a specially crafted SUBSCRIBE command...

10CVSS7.5AI score0.21893EPSS
Exploits4
saint
saint
•added 2007/07/09 12:0 a.m.•34 views

Snort DCE/RPC preprocessor buffer overflow

Added: 07/09/2007 CVE: CVE-2006-5276 BID: 22616 OSVDB: 32094 Background Snort is an open-source intrusion detection system. It includes a DCE/RPC preprocessor, which reassembles DCE/RPC traffic before it is passed to the intrusion detection engine. Problem A buffer overflow vulnerability in the...

10CVSS7.7AI score0.79319EPSS
Exploits15
saint
saint
•added 2007/05/16 12:0 a.m.•34 views

Trend Micro ServerProtect EarthAgent RPC buffer overflow

Added: 05/16/2007 CVE: CVE-2007-2508 BID: 23866 OSVDB: 35789 Background Trend Micro ServerProtect is a virus scanner for servers. It includes the EarthAgent daemon which listens for connections on port 3628/TCP. Problem A buffer overflow vulnerability in the EarthAgent daemon allows remote...

10CVSS7.7AI score0.77194EPSS
Exploits18
saint
saint
•added 2007/04/25 12:0 a.m.•34 views

Oracle Database Advanced Replication component DBMS_SNAP_INTERNAL overflow

Added: 04/25/2007 CVE: CVE-2007-2116 BID: 23532 OSVDB: 39933 Background Package DBMSSNAPINTERNAL of schema SYS is an Advanced Replication component used internally by Oracle Database. Problem A buffer overflow vulnerability in DBMSSNAPINTERNAL allows remote attackers to execute arbitrary commands...

9CVSS7.7AI score0.02946EPSS
Exploits4
saint
saint
•added 2007/04/16 12:0 a.m.•34 views

Windows DNS server RPC management interface buffer overflow

Added: 04/16/2007 CVE: CVE-2007-1748 BID: 23470 OSVDB: 34100 Background The Windows DNS service runs an RPC management interface which listens on a dynamically assigned TCP port. Problem A buffer overflow vulnerability in the Windows DNS service allows remote attackers to execute arbitrary comman...

10CVSS9.8AI score0.79128EPSS
Exploits17
saint
saint
•added 2007/03/30 12:0 a.m.•34 views

System V login argument array buffer overflow

Added: 03/30/2007 CVE: CVE-2001-0797 BID: 3681 OSVDB: 690 Background The login program is used by various applications for authentication to the system. Problem The login program dervied from System V is affected by a buffer overflow vulnerability when processing a long argument array. A remote...

10CVSS7.7AI score0.88836EPSS
Exploits27
saint
saint
•added 2007/03/16 12:0 a.m.•34 views

NetMail WebAdmin username buffer overflow

Added: 03/16/2007 CVE: CVE-2007-1350 BID: 22857 OSVDB: 33886 Background Novell NetMail WebAdmin is a web-based administration interface which runs an HTTP server on port 89/TCP. Problem A buffer overflow vulnerability in Novell NetMail WebAdmin allows remote attackers to execute arbitrary command...

6.8CVSS7.8AI score0.19398EPSS
Exploits5
saint
saint
•added 2007/03/15 12:0 a.m.•34 views

SupportSoft tgctlsi.dll ActiveX control buffer overflow

Added: 03/15/2007 CVE: CVE-2006-6490 BID: 22564 OSVDB: 33481 Background SupportSoft ActiveX controls are used by third-party products to provide remote technical support. Problem SupportSoft ActiveX controls are affected by multiple buffer overflow vulnerabilities which can lead to command...

10CVSS7.2AI score0.1034EPSS
Exploits4
saint
saint
•added 2007/03/02 12:0 a.m.•34 views

Trend Micro ServerProtect ENG_SendEMail buffer overflow

Added: 03/02/2007 CVE: CVE-2007-1070 BID: 22639 OSVDB: 33042 Background Trend Micro ServerProtect is a virus scanner for servers. Problem A buffer overflow vulnerability in the ENGSendEMail function allows remote attackers to execute arbitrary commands by sending a specially crafted RPC request...

10CVSS7.7AI score0.73767EPSS
Exploits27
saint
saint
•added 2007/02/09 12:0 a.m.•34 views

BrightStor ARCserve Backup Tape Engine opnum 0xCF buffer overflow

Added: 02/09/2007 CVE: CVE-2007-0169 BID: 22005 OSVDB: 31327 Background The BrightStor ARCserve Backup server includes a Backup Tape Engine feature which allows use of tape drives for storage. Problem A buffer overflow in BrightStor ARCserve Backup allows remote attackers to execute arbitrary...

7.5CVSS7.7AI score0.68809EPSS
Exploits16
saint
saint
•added 2007/01/17 12:0 a.m.•34 views

Microsoft PowerPoint malformed data record vulnerability

Added: 01/17/2007 CVE: CVE-2006-3876 BID: 20322 OSVDB: 29447 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem Improper handling of malformed Data records in PowerPoint files allows command execution. Resolution Apply the patch...

9.3CVSS6.3AI score0.11423EPSS
Exploits4
saint
saint
•added 2006/12/08 12:0 a.m.•34 views

3Com TFTP server Transporting Mode buffer overflow

Added: 12/08/2006 CVE: CVE-2006-6183 BID: 21301 OSVDB: 30758 Background 3CTftpSvc by 3Com is a freeware implementation of the TFTP protocol for Windows. Problem A buffer overflow vulnerability in the 3Com TFTP server allows remote attackers to execute arbitrary commands by sending a long, special...

10CVSS7.8AI score0.7057EPSS
Exploits12
saint
saint
•added 2006/10/19 12:0 a.m.•34 views

BrightStor ARCserve discovery service ASBRDCST.DLL buffer overflow

Added: 10/19/2006 CVE: CVE-2006-5143 BID: 20365 OSVDB: 29534 Background The BrightStor ARCserve Backup server includes a discovery service which listens on ports 41523/TCP and 41524/UDP. Problem A buffer overflow vulnerability in the ASBRDCST.DLL library allows remote attackers to execute arbitra...

7.5CVSS7.7AI score0.78513EPSS
Exploits12
saint
saint
•added 2006/09/22 12:0 a.m.•34 views

WS_FTP XCRC buffer overflow

Added: 09/22/2006 CVE: CVE-2006-4847 BID: 20076 OSVDB: 28939 Background WSFTP Server is an FTP server for Windows platforms. Problem Buffer overflows in multiple FTP commands allow an authenticated attacker to execute arbitrary commands. Resolution Upgrade to WSFTP Server 5.05 Hotfix 1. Reference...

6.5CVSS7.1AI score0.85213EPSS
Exploits10
saint
saint
•added 2006/07/28 12:0 a.m.•34 views

Computer Associates License Service GCR buffer overflow

Added: 07/28/2006 CVE: CVE-2005-0581 BID: 12705 OSVDB: 14389 Background The License service comes with most Computer Associatesproducts and exchanges license information over ports 10202/tcp and 10203/tcp. Problem A buffer overflow vulnerability in the processing of GCR messages allows remote...

4.6CVSS7.3AI score0.46344EPSS
Exploits24
saint
saint
•added 2006/07/28 12:0 a.m.•34 views

Windows RASMAN registry corruption vulnerability

Added: 07/28/2006 CVE: CVE-2006-2371 BID: 18358 OSVDB: 26436 Background The Routing and Remote Access Service RRAS allows a Windows computer to act as a router, dial-up access server, VPN server, or network address translator. The Remote Access Connection Manager RASMAN service handles the detail...

7.5CVSS7.6AI score0.21943EPSS
Exploits6
saint
saint
•added 2006/07/26 12:0 a.m.•34 views

CS-MARS JBoss jmx-console access

Added: 07/26/2006 CVE: CVE-2006-3733 BID: 19075 OSVDB: 27419 Background The Cisco Security Monitoring, Analysis, and Response System CS-MARS recognizes and correlates network attacks. Problem CS-MARS includes the JBoss web application server with insufficient access control to the jmx-console...

7.5CVSS7.1AI score0.1176EPSS
Exploits4
saint
saint
•added 2006/07/21 12:0 a.m.•34 views

Computer Associates License Client PUTOLF buffer overflow

Added: 07/21/2006 CVE: CVE-2005-0582 BID: 12705 OSVDB: 14389 Background The CA License Client comes with most Computer Associates products. It uses ports 10202/tcp and 10203/tcp to exchange product license information. Problem A buffer overflow in the CA License Client allows remote command...

10CVSS7.1AI score0.3702EPSS
Exploits4
saint
saint
•added 2006/07/03 12:0 a.m.•34 views

IIS Unicode Directory Traversal

Added: 07/03/2006 CVE: CVE-2000-0884 BID: 1806 OSVDB: 436 Background Microsoft IIS is a web server for Windows platforms. Problem Microsoft IIS 4.0 and 5.0 allow path validation checks to be bypassed by encoding invalid characters in Unicode. For example, a slash character is represented as %c0%a...

7.5CVSS6.8AI score0.7055EPSS
Exploits4
saint
saint
•added 2006/06/01 12:0 a.m.•34 views

IMail IMAP DELETE command buffer overflow

Added: 06/01/2006 CVE: CVE-2004-1520 BID: 11675 OSVDB: 11838 Background IMail is an e-mail server for Windows platforms. Problem A buffer overflow in the IMAP service could allow remote attackers to execute commands by sending a long, specially crafted DELETE command. The attacker would need to...

4.6CVSS7.3AI score0.88509EPSS
Exploits12
saint
saint
•added 2006/05/30 12:0 a.m.•34 views

Novell eDirectory iMonitor NDS buffer overflow

Added: 05/30/2006 CVE: CVE-2006-2496 BID: 18026 OSVDB: 25781 Background iMonitor is a web service which is a component of Novell eDirectory. Problem A buffer overflow in iMonitor allows remote attackers to execute arbitrary commands by sending a long, specially crafted URL request in the NDS...

10CVSS7.8AI score0.09219EPSS
Exploits4
saint
saint
•added 2006/05/11 12:0 a.m.•34 views

AWStats migrate parameter command injection

Added: 05/11/2006 CVE: CVE-2006-2237 BID: 17844 OSVDB: 25284 Background AWStats is a web application for showing web, FTP, and mail server statistics. Problem AWStats uses the value of the migrate input parameter in a PERL open call without sufficient checks for invalid characters, allowing remot...

5.1CVSS6.6AI score0.58356EPSS
Exploits10
saint
saint
•added 2006/04/27 12:0 a.m.•34 views

Windows Cursor and Icon handling vulnerability

Added: 04/27/2006 CVE: CVE-2004-1049 BID: 12233 OSVDB: 12842 Background The LoadImage API in Microsoft Windows provides functions for loading cursors, animated cursors, and icons. Problem An integer overflow in the LoadImage API allows command execution when a user opens a specially crafted curso...

5.1CVSS6.6AI score0.29743EPSS
Exploits13
saint
saint
•added 2006/04/25 12:0 a.m.•34 views

Internet Explorer DHTML object vulnerability

Added: 04/25/2006 CVE: CVE-2005-0553 BID: 13120 OSVDB: 15465 Background Dynamic HTML DHTML allows the creation of interactive web pages. Problem Race conditions in various DHTML methods could allow command execution when a specially crafted web page is loaded in Internet Explorer. Resolution Appl...

5.1CVSS7.5AI score0.50604EPSS
Exploits5
saint
saint
•added 2006/04/25 12:0 a.m.•34 views

Internet Explorer DHTML object vulnerability

Added: 04/25/2006 CVE: CVE-2005-0553 BID: 13120 OSVDB: 15465 Background Dynamic HTML DHTML allows the creation of interactive web pages. Problem Race conditions in various DHTML methods could allow command execution when a specially crafted web page is loaded in Internet Explorer. Resolution Appl...

5.1CVSS7.5AI score0.50604EPSS
Exploits5
saint
saint
•added 2006/04/20 12:0 a.m.•34 views

Novell GroupWise Messenger Accept-Language buffer overflow

Added: 04/20/2006 CVE: CVE-2006-0992 BID: 17503 OSVDB: 24617 Background Novell GroupWise includes the Messaging Agent which offers an HTTP service on port 8300/TCP. Problem A buffer overflow in the Messaging Agent allows remote attackers to execute commands by sending a long, specially crafted...

10CVSS7.3AI score0.72833EPSS
Exploits12
saint
saint
•added 2006/04/05 12:0 a.m.•34 views

cachefsd heap overflow

Added: 04/05/2006 CVE: CVE-2002-0033 BID: 4674 OSVDB: 779 Background cachefsd is an RPC service which supports local caching of Network File Systems NFS, thereby improving performance on filesystems mounted from an NFS server. Problem A heap overflow in cachefsd allows remote command execution...

10CVSS7AI score0.23078EPSS
Exploits4
saint
saint
•added 2006/04/05 12:0 a.m.•34 views

VERITAS NetBackup VMD argument parsing vulnerability

Added: 04/05/2006 CVE: CVE-2006-0989 BID: 17264 OSVDB: 24172 Background VERITAS NetBackup is a backup and recovery solution for multiple platforms. Problem Volume Manager Daemon VMD is affected by a buffer overflow vulnerability when parsing arguments to various commands. This vulnerability allow...

9CVSS7.2AI score0.07927EPSS
Exploits4
saint
saint
•added 2006/03/07 12:0 a.m.•34 views

Microsoft Visual Studio .dbp and .sln buffer overflow

Added: 03/07/2006 CVE: CVE-2006-1043 BID: 16953 OSVDB: 23711 Background Microsoft Visual Studio is a product for facilitating software development on Windows operating systems. Problem A buffer overflow vulnerability leads to command execution when a specially crafted Database Project .dbp or...

5.1CVSS7AI score0.22396EPSS
Exploits5
saint
saint
•added 2006/03/02 12:0 a.m.•34 views

Novell ZENworks Remote Management authentication buffer overflow

Added: 03/02/2006 CVE: CVE-2005-1543 BID: 13678 OSVDB: 16698 Background Novell ZENworks is a resource management solution consisting of a management server and management agents. Problem The Novell ZENworks Remote Management service is affected by a buffer overflow when processing authentication...

7.5CVSS7.8AI score0.66876EPSS
Exploits7
Total number of security vulnerabilities4305