Lucene search
+L
SaintMost viewed

4305 matches found

saint
saint
•added 2013/03/18 12:0 a.m.•31 views

SonicWall Multiple Products skipSessionCheck Authentication Bypass

Added: 03/18/2013 CVE: CVE-2013-1359 BID: 57445 OSVDB: 89347 Background Dell SonicWALL has several management and reporting solutions which provide a centralized architecture for creating and managing security policies, providing real-time monitoring and alerts, and delivering compliance and usag...

10CVSS9.6AI score0.89402EPSS
Exploits9
saint
saint
•added 2013/03/15 12:0 a.m.•31 views

VMware OVF Tool Format String

Added: 03/15/2013 CVE: CVE-2012-3569 BID: 56468 OSVDB: 87117 Background VMware is a suite of products supporting the creation and operation of virtual machines, which are self-contained, independent guest operating systems running within a host operating system. Problem The Windows variants of...

9.3CVSS6.2AI score0.47719EPSS
Exploits12
saint
saint
•added 2013/03/11 12:0 a.m.•31 views

Cool PDF Reader Image Stream Stack Overflow

Added: 03/11/2013 CVE: CVE-2012-4914 BID: 57461 OSVDB: 89349 Background Cool PDF Reader is a small viewer/reader that can view, print, and convert PDF files to TXT, BMP, JPG, GIF, PNG, WMF, EMF, EPS. Problem Cool PDF Reader versions 3.0.2.256 and prior do not perform proper bounds checking on ima...

9.3CVSS7.3AI score0.28391EPSS
Exploits11
saint
saint
•added 2012/10/26 12:0 a.m.•31 views

HP Operations Agent for NonStop Server ELinkService HEALTH packet buffer overflow

Added: 10/26/2012 BID: 55161 OSVDB: 84854 Background HP Operations Agents is a fault and performance monitoring solution for servers. Problem A buffer overflow vulnerability in HP Operations Agent for NonStop server allows an attacker to execute arbitrary commands by sending a specially crafted...

8.1AI score
Exploits0
saint
saint
•added 2012/10/22 12:0 a.m.•31 views

Avaya IP Office Customer Call Reporter ImageUpload.ashx file upload

Added: 10/22/2012 CVE: CVE-2012-3811 BID: 54225 OSVDB: 83399 Background Avaya IP Office is a unified communications solution for mobile workforce. Problem The ImageUpload.ashx script allows unauthenticated users to upload arbitrary script files to the webserver. The script files can then be...

10CVSS6.8AI score0.62876EPSS
Exploits8
saint
saint
•added 2012/08/22 12:0 a.m.•31 views

Lotus Notes iNotes Attachment_Times ActiveX Overflow

Added: 08/22/2012 CVE: CVE-2012-2175 BID: 53879 OSVDB: 82755 Background Lotus Notes is the client for Lotus Domino servers. iNotes is a web-based alternative to the Notes client. Problem The iNotes ActiveX control does not properly validate the user-supplied values for the attachmenttimes...

9.3CVSS6.4AI score0.29436EPSS
Exploits9
saint
saint
•added 2012/07/16 12:0 a.m.•31 views

Apple QuickTime QTVRStringAtom stringLength Parameter QTVR Movie File Handling

Added: 07/16/2012 CVE: CVE-2012-0667 BID: 53583 OSVDB: 81938 Background QuickTime is a media player for Windows and Mac OS platforms. Problem Apple QuickTime 7.7.1 and earlier versions are vulnerable to remote code execution if the user is persuaded to open a specially crafted QTVR movie file. Th...

9.3CVSS7AI score0.03442EPSS
Exploits6
saint
saint
•added 2012/05/21 12:0 a.m.•31 views

Firefox DOMAttrModified nsSVGValue Observer Handling Out-of-bounds Memory Access

Added: 05/21/2012 CVE: CVE-2011-3658 BID: 51138 OSVDB: 77953 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem A flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access and possible remote code...

7.5CVSS9.8AI score0.69882EPSS
Exploits10
saint
saint
•added 2012/05/09 12:0 a.m.•31 views

Ricoh DC Software DL-10 FTP Server USER Remote Code Execution

Added: 05/09/2012 BID: 52235 OSVDB: 79691 Background Various cameras e.g. CX1-6, G700, G700SE provided by Ricoh support transfering images to a PC over FTP. Ricoh supplies a small FTP server called SR-10 / Capftpd which enables users to transfer images from camera to computer. Problem The flaw is...

7.6AI score
Exploits0
saint
saint
•added 2012/04/13 12:0 a.m.•31 views

Tivoli Provisioning Manager Express ActiveX RunAndUploadFile vulnerability

Added: 04/13/2012 CVE: CVE-2012-0198 BID: 52252 OSVDB: 79735 Background Tivoli Provisioning Manager Express for Software Distribution is a software inventory and distribution solution. Problem A buffer overflow vulnerability in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control...

9.3CVSS7AI score0.37437EPSS
Exploits6
saint
saint
•added 2012/02/25 12:0 a.m.•31 views

Browser Find toolbar phishing attack

Added: 02/25/2012 Background This tool serves a page claiming to be a list of stolen passwords. When a user sees this list, the most common response is to validate the claim by opening a Find box Ctrl-F and searching for his or her own password. The tool intercepts the Ctrl-F keypress and opens a...

7.2AI score
Exploits0
saint
saint
•added 2012/01/12 12:0 a.m.•31 views

Microsoft PowerPoint Floating Point Techno-color Time Bandit vulnerability

Added: 01/12/2012 CVE: CVE-2011-0655 BID: 47252 OSVDB: 71771 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem The vulnerability is caused when PowerPoint reads an invalid record in a specially crafted PowerPoint file. A remote attack...

9.3CVSS6.6AI score0.22593EPSS
Exploits5
saint
saint
•added 2012/01/10 12:0 a.m.•31 views

Chrome Password Grabber

Added: 01/10/2012 Background This tool grabs the saved passwords in the Chrome browser of the target's logged in user. Limitations Password Hash Grabber works on Windows targets. A connection to the target is required to run this tool. The target must have the .NET runtime 2.0 or higher. Platform...

0.1AI score
Exploits0
saint
saint
•added 2011/12/23 12:0 a.m.•31 views

Microsys Promotic PmTrendViewer ActiveX Control SaveCfg Stack Buffer Overflow

Added: 12/23/2011 OSVDB: 76396 Background Microsys Promotic is a SCADA object software tool for creating applications that monitor, control and display technological processes in various industrial areas. Promotic includes support for a web interface designed for Microsoft Windows. Problem Micros...

8.1AI score
Exploits0
saint
saint
•added 2011/10/31 12:0 a.m.•31 views

Symantec IM Manager IMAdminLDAPConfig.asp SQL injection

Added: 10/31/2011 CVE: CVE-2011-0553 BID: 49738 OSVDB: 75984 Background Symantec IM Manager is a solution for managing and securing instant-messaging traffic in an enterprise. Problem An SQL injection vulnerability in IMAdminLDAPConfig.asp allows remote, authenticated attackers to execute arbitra...

7.5CVSS7.8AI score0.01854EPSS
Exploits4
saint
saint
•added 2011/10/11 12:0 a.m.•31 views

Wireshark DECT Dissector PCAP File Processing Overflow

Added: 10/11/2011 CVE: CVE-2011-1591 BID: 47392 OSVDB: 71848 Background Wireshark is a network packet analyzer. Problem A buffer overflow vulnerability in the DECT dissector epan/dissectors/packet-dect.c allows command execution via a specially crafted .pcap file. Resolution Upgrade to Wireshark...

9.3CVSS7.8AI score0.41744EPSS
Exploits18
saint
saint
•added 2011/09/26 12:0 a.m.•31 views

Freefloat FTPD Invalid Command Overflow

Added: 09/26/2011 BID: 48704 Background Freefloat is a software series developed directly for handheld terminals. Freefloat FTP Server is a free FTP server for various versions of Windows including Windows CE/Pocket PC. Problem Freefloat FTP Server is vulnerable to a stack overflow as a result of...

0.4AI score
Exploits0
saint
saint
•added 2011/09/19 12:0 a.m.•31 views

EMC Autostart ftAgent Overflow

Added: 09/19/2011 CVE: CVE-2011-2735 BID: 49238 OSVDB: 74597 Background EMC AutoStart is a cross-platform high-availability clustering solution. Problem The Agent Service of EMC AutoStart listens on TCP port 8045 and is vulnerable to a heap overflow when parsing malformed messages with opcode 0x1...

7.9CVSS6.6AI score0.02335EPSS
Exploits4
saint
saint
•added 2011/08/29 12:0 a.m.•31 views

HP Easy Printer Care Software HPTicketMgr.dll ActiveX Control Remote Code Execution

Added: 08/29/2011 CVE: CVE-2011-2404 BID: 49100 OSVDB: 74510 Background HP Easy Printer Care Software is a tool to control and monitor up to 20 HP printers. Problem HP Easy Printer Care Software HPTicketMgr.dll is vulnerable to directory traversal due to insufficient input validation by the...

7.5CVSS6.7AI score0.7374EPSS
Exploits9
saint
saint
•added 2011/08/08 12:0 a.m.•31 views

Oracle Java Runtime Environment Insecure File Loading

Added: 08/08/2011 OSVDB: 74330 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java application; it consists of the Java...

0.1AI score
Exploits0
saint
saint
•added 2011/04/18 12:0 a.m.•31 views

HP OpenView Network Node Manager malformed displayWidth option to jovgraph.exe

Added: 04/18/2011 CVE: CVE-2011-0261 BID: 45762 OSVDB: 70469 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow vulnerability in jovgraph.exe allows remote attackers to execute arbitrary commands by sending an overly...

10CVSS7.7AI score0.1582EPSS
Exploits4
saint
saint
•added 2011/04/18 12:0 a.m.•31 views

HP OpenView Network Node Manager malformed displayWidth option to jovgraph.exe

Added: 04/18/2011 CVE: CVE-2011-0261 BID: 45762 OSVDB: 70469 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow vulnerability in jovgraph.exe allows remote attackers to execute arbitrary commands by sending an overly...

10CVSS7.7AI score0.1582EPSS
Exploits4
saint
saint
•added 2011/03/14 12:0 a.m.•31 views

Microsoft Windows Media Player DVR-MS File Code Execution

Added: 03/14/2011 CVE: CVE-2011-0042 BID: 46680 OSVDB: 71016 Background Windows Media Player is an audio and video media player for Windows platforms. Problem A file parsing error in Windows Media Player allows command execution when a user opens a specially crafted Digital Video Recording DVR-MS...

9.3CVSS6.5AI score0.33276EPSS
Exploits4
saint
saint
•added 2011/01/07 12:0 a.m.•31 views

Microsoft WMI Administrative Tools ActiveX Control AddContextRef vulnerability

Added: 01/07/2011 CVE: CVE-2010-3973 BID: 45546 OSVDB: 69942 Background Microsoft WMI Administrative Tools is a tool suite containing WMI CIM Studio, WMI Object Browser, WMI Event Registration Tool, and WMI Event Viewer. Problem A vulnerability in the WMI Object Viewer ActiveX control...

9.3CVSS6.4AI score0.71735EPSS
Exploits7
saint
saint
•added 2010/12/28 12:0 a.m.•31 views

HP Power Manager formLogin buffer overflow

Added: 12/28/2010 CVE: CVE-2010-4113 OSVDB: 69969 Background HP Power Manager is a web-based application that enables administrators to manage an HP UPS from a browser-based management console. Problem A buffer overflow vulnerability in the Administration interface allows remote attackers to...

9.3CVSS7.7AI score0.09722EPSS
Exploits4
saint
saint
•added 2010/12/16 12:0 a.m.•31 views

Internet Explorer HTML+TIME element OuterText memory corruption

Added: 12/16/2010 CVE: CVE-2010-3346 BID: 45261 OSVDB: 69829 Background The HTML+TIME component of Internet Explorer adds timing and media synchronization support to HTML pages. Problem A memory corruption vulnerability in the HTML+TIME component allows command execution when a user loads a...

9.3CVSS6.4AI score0.28886EPSS
Exploits4
saint
saint
•added 2010/11/24 12:0 a.m.•31 views

Novell iPrint Client ActiveX Control GetDriverSettings buffer overflow

Added: 11/24/2010 CVE: CVE-2010-4321 BID: 44966 OSVDB: 69357 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Client ActiveX control named ienipp.ocx. Problem A buffer overflow vulnerability in the Novell iPrint...

9.3CVSS6.8AI score0.32951EPSS
Exploits11
saint
saint
•added 2010/11/16 12:0 a.m.•31 views

Internet Explorer CSS clip attribute memory corruption

Added: 11/16/2010 CVE: CVE-2010-3962 BID: 44536 OSVDB: 68987 Background Cascading Style Sheets CSS is a simple mechanism for adding style to web documents. Problem A memory corruption vulnerability allows command execution when a user loads a web page containing a CSS clip attribute with a specif...

9.3CVSS6.6AI score0.96889EPSS
Exploits14
saint
saint
•added 2010/11/16 12:0 a.m.•31 views

Internet Explorer CSS clip attribute memory corruption

Added: 11/16/2010 CVE: CVE-2010-3962 BID: 44536 OSVDB: 68987 Background Cascading Style Sheets CSS is a simple mechanism for adding style to web documents. Problem A memory corruption vulnerability allows command execution when a user loads a web page containing a CSS clip attribute with a specif...

9.3CVSS6.7AI score0.96889EPSS
Exploits14
saint
saint
•added 2010/08/25 12:0 a.m.•31 views

Novell iPrint Client ActiveX control call-back-url buffer overflow

Added: 08/25/2010 CVE: CVE-2010-1527 BID: 42576 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named ienipp.ocx. Problem A buffer overflow vulnerability allows command execution when a...

9.3CVSS6.7AI score0.35987EPSS
Exploits18
saint
saint
•added 2010/08/23 12:0 a.m.•31 views

HP OpenView NNM getnnmdata.exe CGI ICount Parameter Buffer Overflow

Added: 08/23/2010 CVE: CVE-2010-1554 BID: 40071 OSVDB: 64976 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow vulnerability in Network Node Manager allows remote attackers to execute arbitrary commands by sending a...

10CVSS7.7AI score0.67786EPSS
Exploits13
saint
saint
•added 2010/08/05 12:0 a.m.•31 views

Apache Struts2 XWork ParameterInterceptor security bypass

Added: 08/05/2010 CVE: CVE-2010-1870 BID: 41592 OSVDB: 66280 Background Apache Struts is a Java web application framework. Apache Struts version 2 is based on WebWork 2. WebWork 2 uses XWork to invoke actions based on HTTP parameter names. The ParameterInterceptor component of XWork runs the...

5CVSS9.9AI score0.91079EPSS
Exploits22
saint
saint
•added 2010/08/03 12:0 a.m.•31 views

Novell GroupWise Internet Agent IMAP Service Stack Buffer Overflow

Added: 08/03/2010 CVE: CVE-2010-2777 BID: 41704 OSVDB: 66623 Background Novell GroupWise is an e-mail and collaboration product suite. Problem A buffer overflow vulnerability exists within the IMAP component of the Novell GroupWise Internet Agent service and is due to a boundary error while...

9CVSS6.6AI score0.10388EPSS
Exploits4
saint
saint
•added 2010/06/10 12:0 a.m.•31 views

Informix Dynamic Server librpc.dll credentials length buffer overflow

Added: 06/10/2010 CVE: CVE-2009-2753 BID: 38471 OSVDB: 62783 Background Informix Dynamic Server is a database solution from IBM. It includes a portmapper service which listens for connections on port 36890/TCP and uses librpc.dll. Problem A buffer overflow vulnerability in librpc.dll allows remot...

10CVSS7.9AI score0.10923EPSS
Exploits4
saint
saint
•added 2010/04/27 12:0 a.m.•31 views

RealNetworks Helix Server AgentX receive_agentx Stack Buffer Overflow

Added: 04/27/2010 CVE: CVE-2010-1318 BID: 39564 OSVDB: 63919 Background RealNetworks Helix Server is a media server supporting multiple formats and platforms. Problem A stack buffer overflow vulnerability exists in RealNetworks Helix Server due to a boundary error in the AgentX::receiveagentx...

10CVSS7.7AI score0.58051EPSS
Exploits12
saint
saint
•added 2010/03/09 12:0 a.m.•31 views

Cross-site scripting cookie theft

Added: 03/09/2010 Background Many web sites include scripts, which are lists of commands which, when executed in sequence, provide some enhancement to a web page. Web browsers are able to recognize scripts in web pages by the tag and handle them accordingly. Problem By sending an HTTP request...

0.1AI score
Exploits0
saint
saint
•added 2010/03/04 12:0 a.m.•31 views

Microsoft Office PowerPoint Viewer TextBytesAtom Record Buffer Overflow

Added: 03/04/2010 CVE: CVE-2010-0033 BID: 38107 OSVDB: 62241 Background Microsoft PowerPoint Viewer 2003 is a free tool which allows viewing of Microsoft PowerPoint presentations without requiring Microsoft PowerPoint itself. Problem A stack overflow vulnerability in the handling of TextBytesAtom...

9.3CVSS6.8AI score0.51073EPSS
Exploits8
saint
saint
•added 2010/02/17 12:0 a.m.•31 views

Wireshark LWRES dissector buffer overflow

Added: 02/17/2010 CVE: CVE-2010-0304 BID: 37985 OSVDB: 61987 Background Wireshark is a network packet analyzer. Problem A buffer overflow vulnerability in the LWRES dissector allows command execution when a user sends a specially crafted datagram over a network which is being analyzed by Wireshar...

7.5CVSS6.7AI score0.73666EPSS
Exploits12
saint
saint
•added 2010/02/12 12:0 a.m.•31 views

Microsoft PowerPoint OEPlaceholderAtom placementId memory corruption

Added: 02/12/2010 CVE: CVE-2010-0031 BID: 38103 OSVDB: 62237 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem A memory corruption vulnerability allows command execution when a user opens a PowerPoint file containing an...

9.3CVSS6.4AI score0.21221EPSS
Exploits6
saint
saint
•added 2010/02/05 12:0 a.m.•31 views

Sun Java System Web Server WebDAV OPTIONS request buffer overflow

Added: 02/05/2010 CVE: CVE-2010-0361 BID: 37874 OSVDB: 61851 Background Sun Java System Web Server is a web application server. WebDAV Web-based Distributed Authoring and Versioning is an extension to the HTTP protocol which allows users to edit web server content. Problem A buffer overflow...

10CVSS7.7AI score0.80521EPSS
Exploits20
saint
saint
•added 2010/01/20 12:0 a.m.•31 views

Adobe Illustrator EPS File DSC Comment Buffer Overflow

Added: 01/20/2010 CVE: CVE-2009-4195 BID: 37192 OSVDB: 60632 Background Adobe Illustrator software is a comprehensive vector graphics environment for creative professionals that is used for both drawing and typographical work. Illustrator supports several vector file formats including AI, CDR, PD...

9.3CVSS6.8AI score0.70684EPSS
Exploits8
saint
saint
•added 2010/01/20 12:0 a.m.•31 views

Internet Explorer Eventparam use-after-free vulnerability

Added: 01/20/2010 CVE: CVE-2010-0249 BID: 37815 OSVDB: 61697 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem A vulnerability in the Eventparam function can cause Internet Explorer's HTML engine to access memory that has already be...

9.3CVSS8.7AI score0.91885EPSS
Exploits16
saint
saint
•added 2010/01/12 12:0 a.m.•31 views

Novell iPrint Client ienipp.ocx target-frame buffer overflow

Added: 01/12/2010 CVE: CVE-2009-1568 BID: 37242 OSVDB: 60803 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named ienipp.ocx. Problem A buffer overflow in ienipp.ocx allows command...

9.3CVSS6.9AI score0.32168EPSS
Exploits9
saint
saint
•added 2010/01/08 12:0 a.m.•31 views

HP OpenView Application Recovery Manager MSG_PROTOCOL buffer overflow

Added: 01/08/2010 CVE: CVE-2009-3844 BID: 37250 OSVDB: 60852 Background HP OpenView Application Recovery Manager is a backup solution for business application data. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...

10CVSS7.7AI score0.74063EPSS
Exploits10
saint
saint
•added 2009/11/20 12:0 a.m.•31 views

Adobe Acrobat Reader U3D CLODMeshContinuation Code Execution

Added: 11/20/2009 CVE: CVE-2009-2997 BID: 36638 OSVDB: 58926 Background Adobe Reader is free software for viewing PDF documents. Problem A heap memory corruption vulnerability exists in Adobe Acrobat Reader. The vulnerability is due to an input validation error while parsing Universal 3D U3D file...

9.3CVSS9.7AI score0.0837EPSS
Exploits7
saint
saint
•added 2009/07/30 12:0 a.m.•31 views

Visual Studio Active Template Library uninitialized object

Added: 07/30/2009 CVE: CVE-2009-0901 BID: 35832 OSVDB: 56696 Background Microsoft Visual Studio is a product to assist with software development in the Windows operating system. Visual Studio uses Microsoft Active Template Library ATL, which is a set of template-based C++ classes, to help simplif...

9.3CVSS7.8AI score0.36608EPSS
Exploits5
saint
saint
•added 2009/07/13 12:0 a.m.•31 views

Motorola Timbuktu PlughNTCommand named pipe string buffer overflow

Added: 07/13/2009 CVE: CVE-2009-1394 BID: 35496 OSVDB: 55436 Background Motorola Timbuktu is remote control software for Windows and Mac. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted character string to the...

9.3CVSS7.7AI score0.33281EPSS
Exploits8
saint
saint
•added 2009/05/25 12:0 a.m.•31 views

Windows GDI Privilege Elevation

Added: 05/25/2009 CVE: CVE-2006-5758 BID: 20940 OSVDB: 30214 Background The Graphics Rendering Engine in Microsoft Windows 2000 and Windows XP maps GDI Kernel structures on a global shared memory section that is created with insecure permissions. Problem Users with local access can remap the shar...

7.2CVSS6.2AI score0.06325EPSS
Exploits6
saint
saint
•added 2009/05/11 12:0 a.m.•31 views

Tivoli Storage Manager Client dsmagent.exe NodeName buffer overflow

Added: 05/11/2009 CVE: CVE-2008-4828 BID: 34803 OSVDB: 54232 Background IBM Tivoli Storage Manager TSM provides centralized management for automated backup and restoration operations. It runs a Client Acceptor Daemon CAD on ports 1581/TCP and 1582/TCP. The Client Acceptor Daemon, upon receiving a...

10CVSS7.9AI score0.71468EPSS
Exploits8
saint
saint
•added 2009/04/07 12:0 a.m.•31 views

SAPgui EAI WebViewer3D ActiveX control SaveViewToSessionFile buffer overflow

Added: 04/07/2009 CVE: CVE-2007-4475 BID: 34310 OSVDB: 53066 Background SAPgui for Windows registers the EAI WebViewer3D ActiveX control. Problem A buffer overflow vulnerability in the EAI WebViewer3D ActiveX control allows command execution when a user loads a web page which invokes the...

9.3CVSS6.8AI score0.40307EPSS
Exploits8
Total number of security vulnerabilities4305