Lucene search
+L
SaintMost viewed

4305 matches found

Saint
Saint
•added 2005/12/20 12:0 a.m.•31 views

BrightStor ARCserve Backup agent for MS-SQL buffer overflow

Added: 12/20/2005 CVE: CVE-2005-1272 BID: 14453 OSVDB: 18501 Background BrightStor ARCserve Backup is a backup and recovery solution for multiple platforms. Problem A buffer overflow in the backup agent for Microsoft SQL Server allows remote attackers to execute arbitrary commands. Resolution App...

7.5CVSS7.9AI score0.66121EPSS
Exploits8
Saint
Saint
•added 2005/12/10 12:0 a.m.•31 views

JRun mod_jrun WriteToLog buffer overflow

Added: 12/10/2005 CVE: CVE-2004-0646 BID: 11245 OSVDB: 10546 Background Macromedia JRun is a J2EE application server. modjrun is an Apache module which enables the use of JRun applications through an Apache web server. Problem A buffer overflow vulnerability in modjrun and modjrun20 allows a remo...

10CVSS7.7AI score0.07104EPSS
Exploits4
Saint
Saint
•added 2005/11/29 12:0 a.m.•31 views

Novell eDirectory iMonitor buffer overflow

Added: 11/29/2005 CVE: CVE-2005-2551 BID: 14548 OSVDB: 18703 Background iMonitor is a web service which is a component of Novell eDirectory. Problem A buffer overflow when processing long HTTP or HTTPS requests leads to remote command execution. Resolution Upgrade to eDirectory 8.7.3 IR7 or highe...

7.5CVSS7.1AI score0.55424EPSS
Exploits7
Saint
Saint
•added 2005/11/25 12:0 a.m.•31 views

Internet Explorer inline content filename extension vulnerability

Added: 11/25/2005 CVE: CVE-2001-0727 BID: 3578 OSVDB: 3033 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Using a null byte %00 in the filename field found in the Content-disposition header, a remote web server may be able to...

7.5CVSS7.7AI score0.31007EPSS
Exploits4
Saint
Saint
•added 2021/05/24 12:0 a.m.•30 views

ZeroShell kerbynet remote command execution

Added: 05/24/2021 Background Zeroshell is a Linux distribution designed for router and firewall appliances which can be administered from a web interface. Zeroshell is no longer supported. Problem A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by...

8.7AI score
Exploits0
Saint
Saint
•added 2019/03/25 12:0 a.m.•30 views

Tabs Laboratories MailCarrier MAIL FROM buffer overflow

Added: 03/25/2019 Background Tabs Laboratories MailCarrier is an SMTP server. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted MAIL FROM command to the SMTP service. Resolution Upgrade to a fixed version of...

8.8AI score
Exploits0
Saint
Saint
•added 2018/12/21 12:0 a.m.•30 views

MiniShare 1.4.1 HEAD method buffer overflow

Added: 12/21/2018 Background MiniShare is a Windows program that allows sharing of files without additional services or software. Problem MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD request. Resolution MiniShare is deprecated. References...

2AI score
Exploits0
Saint
Saint
•added 2016/10/14 12:0 a.m.•30 views

FreePBX Recordings Backdoor Upload

Added: 10/14/2016 Background FreePBX is a web-based open-source graphical user interface used to manage Asterisk PBX, an open-source communication server. The FreePBX System Recordings module allows playback of recorded files. Problem The System Recordings module in FreePBX 13 and 14 is vulnerabl...

8.1AI score
Exploits0
Saint
Saint
•added 2016/08/11 12:0 a.m.•30 views

Easy File Sharing Web Server GET HTTP request vulnerability

Added: 08/11/2016 Background Easy File Sharing Web Server is software that allows users to upload/download files to a server easily through a web browser, as well as providing a bulletin board system forum. Problem Easy File Sharing Web Server is vulnerable to a stack buffer overflow condition as...

2.3AI score
Exploits0
Saint
Saint
•added 2016/07/14 12:0 a.m.•30 views

TikiWiki elfinder file upload

Added: 07/14/2016 Background TikiWiki is a multi-purpose web content management system written in PHP. Problem The third-party elfinder component allows unauthenticated users to upload arbitrary files, which can then be executed using a simple HTTP request. Resolution Upgrade to TikiWiki 12.9,...

1.1AI score
Exploits0
Saint
Saint
•added 2015/06/09 12:0 a.m.•30 views

Seagate Central unauthenticated file upload

Added: 06/09/2015 Background Seagate Central is a personal cloud storage device which can be connected to a wireless router. Problem Seagate Central has no root password, allowing unauthenticated users to upload arbitrary files via PHP. This can be leveraged to execute arbitrary commands by...

1.3AI score
Exploits0
Saint
Saint
•added 2015/06/09 12:0 a.m.•30 views

Seagate Central unauthenticated file upload

Added: 06/09/2015 Background Seagate Central is a personal cloud storage device which can be connected to a wireless router. Problem Seagate Central has no root password, allowing unauthenticated users to upload arbitrary files via PHP. This can be leveraged to execute arbitrary commands by...

1.3AI score
Exploits0
Saint
Saint
•added 2015/06/09 12:0 a.m.•30 views

Seagate Central unauthenticated file upload

Added: 06/09/2015 Background Seagate Central is a personal cloud storage device which can be connected to a wireless router. Problem Seagate Central has no root password, allowing unauthenticated users to upload arbitrary files via PHP. This can be leveraged to execute arbitrary commands by...

8.4AI score
Exploits0
Saint
Saint
•added 2015/03/30 12:0 a.m.•30 views

TWiki View Script debugenableplugins Request Parameter Vulnerability

Added: 03/30/2015 CVE: CVE-2014-7236 BID: 70372 OSVDB: 112977 Background TWiki is a web-based collaboration platform written in PERL. Problem The TWiki view script does not properly sanitize the debugenableplugins parameter before using it. Resolution Upgrade to TWiki-6.0.1 or higher, or apply th...

6.4CVSS9.1AI score0.55637EPSS
Exploits12
Saint
Saint
•added 2014/09/16 12:0 a.m.•30 views

ALCASAR index.php Crafted HTTP host Header Vulnerability

Added: 09/16/2014 BID: 69662 OSVDB: 111026 Background ALCASAR is a free Network Access Controller that allows network managers to restrict Internet service access to authenticated users. ALCASAR allows control and logging of all network activity by users and/or defined user groups. Problem ALCASA...

8.1AI score
Exploits0
Saint
Saint
•added 2014/02/24 12:0 a.m.•30 views

Symantec Endpoint Protection Manager XXE and SQL Injection Vulnerabilities

Added: 02/24/2014 CVE: CVE-2013-5014 BID: 65466 OSVDB: 103306 Background Symantec Endpoint Protection, by Symantec Corporation, is an antivirus and personal firewall product designed to be centrally managed in corporate environments by the Symantec Endpoint Protection Manager SEPM. The SEPM...

7.5CVSS6.8AI score0.67573EPSS
Exploits18
Saint
Saint
•added 2013/12/27 12:0 a.m.•30 views

RealPlayer RMP File Version Attribute Buffer Overflow

Added: 12/27/2013 CVE: CVE-2013-6877 BID: 64398 OSVDB: 101356 Background RealNetworks RealPlayer includes an embedded player which plays media embedded in a web page. Problem RealNetworks Windows RealPlayer 17.0.2.206 and earlier versions are vulnerable to remote code execution due to improper...

9.3CVSS7.4AI score0.11345EPSS
Exploits11
Saint
Saint
•added 2013/12/18 12:0 a.m.•30 views

HP LoadRunner Virtual User Generator EmulationAdmin service directory traversal

Added: 12/18/2013 CVE: CVE-2013-4837 BID: 63475 OSVDB: 99231 Background HP LoadRunner is a software performance testing solution. Problem A directory traversal vulnerability in the Virtual User Generator EmulationAdmin service allows remote attackers to upload files to arbitrary locations using t...

10CVSS6.6AI score0.62617EPSS
Exploits8
Saint
Saint
•added 2013/10/03 12:0 a.m.•30 views

Internet Explorer CCaret UpdateScreenCaret Memory Corruption

Added: 10/03/2013 CVE: CVE-2013-3205 BID: 62208 OSVDB: 97094 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Microsoft Internet Explorer contains a use-after-free error that is triggered when handling a CCaret object. The...

9.3CVSS6.7AI score0.66277EPSS
Exploits8
Saint
Saint
•added 2013/09/30 12:0 a.m.•30 views

HP LoadRunner micWebAjax.dll ActiveX NotifyEvent Method Vulnerability

Added: 09/30/2013 CVE: CVE-2013-2368 BID: 61436 OSVDB: 95639 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the micWebAjax ActiveX control. Problem HP LoadRunner before 11.52 is vulnerable to remote code execution due to failure to sanitize user-suppli...

5CVSS7.4AI score0.09637EPSS
Exploits5
Saint
Saint
•added 2013/08/01 12:0 a.m.•30 views

QuickTime Movie File dref Atom Handling Buffer Overflow

Added: 08/01/2013 CVE: CVE-2013-1017 BID: 60097 OSVDB: 93625 Background QuickTime is a media player for Windows and Mac OS platforms. Problem Apple QuickTime before 7.7.4 is vulnerable to remote code execution due to a failure to perform appropriate validation of user supplied input. A remote...

9.3CVSS7.5AI score0.32553EPSS
Exploits11
Saint
Saint
•added 2013/06/26 12:0 a.m.•30 views

Oracle WebCenter Capture ActiveX SetAnnotationFont buffer overflow

Added: 06/26/2013 CVE: CVE-2013-1516 BID: 59112 OSVDB: 92387 Background Oracle WebCenter Capture formerly Oracle Document Capture is a centralized document scanning solution. Problem The Import Server subcomponent of Oracle WebCenter Capture is affected by a buffer overflow vulnerability. The...

4CVSS6.7AI score0.00995EPSS
Exploits4
Saint
Saint
•added 2013/04/01 12:0 a.m.•30 views

BigAnt Messenger Server DUPF Arbitrary File Upload

Added: 04/01/2013 CVE: CVE-2012-6274 BID: 57214 OSVDB: 89342 Background BigAnt Messenger Server offers secure instant messaging, file transfer, voip, video chat, web conferencing and more. Problem BigAnt Server 2.97 and earlier does not require authentication for file uploading, and does not...

5CVSS6.7AI score0.46868EPSS
Exploits8
Saint
Saint
•added 2013/02/22 12:0 a.m.•30 views

BigAnt Server SCH and DUPF Stack Overflow

Added: 02/22/2013 CVE: CVE-2012-6275 BID: 57214 OSVDB: 89344 Background BigAnt Messenger Server offers secure instant messaging, file transfer, voip, video chat, web conferencing and more. Problem BigAnt Server versions 2.97 SP7 and prior are vulnerable to a stack overflow condition due to improp...

10CVSS6.8AI score0.46498EPSS
Exploits8
Saint
Saint
•added 2012/12/03 12:0 a.m.•30 views

Novell NetIQ Privileged User Manager Security Bypass

Added: 12/03/2012 BID: 56539 OSVDB: 87334 Background Novell NetIQ Privileged User Manager NPUM allows IT administrators to work on systems without exposing superuser administrator or supervisor passwords or root-account credentials to the administrator. Problem NetIQ Privileged User Manager 2.3.1...

8.1AI score
Exploits0
Saint
Saint
•added 2012/11/02 12:0 a.m.•30 views

Indusoft Thin Client ISSymbol ActiveX Control InternationalOrder buffer overflow

Added: 11/02/2012 CVE: CVE-2011-0340 BID: 47596 OSVDB: 72865 Background Indusoft Thin Client allows access to Indusoft Web Studio projects without requiring Web Studio to be installed. It includes the ISSymbol ActiveX control, which is also included in Indusoft Web Studio and Advantech Studio...

9.3CVSS6.7AI score0.32349EPSS
Exploits12
Saint
Saint
•added 2012/10/22 12:0 a.m.•30 views

Avaya IP Office Customer Call Reporter ImageUpload.ashx file upload

Added: 10/22/2012 CVE: CVE-2012-3811 BID: 54225 OSVDB: 83399 Background Avaya IP Office is a unified communications solution for mobile workforce. Problem The ImageUpload.ashx script allows unauthenticated users to upload arbitrary script files to the webserver. The script files can then be...

10CVSS6.8AI score0.62876EPSS
Exploits8
Saint
Saint
•added 2012/10/09 12:0 a.m.•30 views

HP Application Lifecycle Management ActiveX Control Arbitrary File Overwrite

Added: 10/09/2012 BID: 55272 OSVDB: 85059 Background HP Application Lifecycle Management ALM is a software product designed to manage the application lifecycle from requirements through readiness for delivery from a single repository, providing a consistent user experience and customizable...

0.1AI score
Exploits0
Saint
Saint
•added 2012/09/27 12:0 a.m.•30 views

EMC NetWorker nsrd Format String

Added: 09/27/2012 CVE: CVE-2012-2288 BID: 55330 OSVDB: 85116 Background EMC NetWorker is a centralized data backup solution. Problem In NetWorker versions 7.6.3 through 8.0, the nsrd RPC service is vulnerable to a format string vulnerability. Resolution NetWorker 7 users should apply EMC NetWorke...

9.3CVSS6.2AI score0.3312EPSS
Exploits9
Saint
Saint
•added 2012/08/24 12:0 a.m.•30 views

Symantec Web Gateway pbcontrol.php Command Injection

Added: 08/24/2012 CVE: CVE-2012-2953 BID: 54426 OSVDB: 84120 Background Symantec Web Gateway protects organizations against multiple types of Web-based malware and prevents data loss over the Web. Problem Symantec Web Gateway 5.0.x.x before 5.0.3.18 is vulnerable to command injection due to...

10CVSS7.5AI score0.67389EPSS
Exploits9
Saint
Saint
•added 2012/08/17 12:0 a.m.•30 views

Oracle Business Transaction Management FlashTunnelService WriteToFile Vulnerability

Added: 08/17/2012 BID: 54839 Background Oracle Business Transaction Management BTM is a component of several Oracle Enterprise Manager Management Packs, including WebLogic Server Management Pack Enterprise Edition. Oracle BTM provides capability in three key areas: transaction visibility,...

0.4AI score
Exploits0
Saint
Saint
•added 2012/07/03 12:0 a.m.•30 views

iTunes m3u Playlist Overflow

Added: 07/03/2012 CVE: CVE-2012-0677 BID: 53933 OSVDB: 82897 Background iTunes is a free media player for multiple platforms. Problem iTunes does not properly validate parameters for EXTINF: directives in m3u files. This results in an exploitable stack overflow. Resolution Upgrade to iTunes 10.6....

9.3CVSS6.2AI score0.15357EPSS
Exploits17
Saint
Saint
•added 2012/05/30 12:0 a.m.•30 views

Adobe Photoshop U3D.8BI Library Collada Asset Elements Handling

Added: 05/30/2012 BID: 53464 OSVDB: 81832 Background Adobe Photoshop is an application for editing digital images. Problem Adobe Photoshop 12.1 in Creative Suite CS 5.1 20110328.r.145 is vulnerable to a stack-based buffer overflow that could be exploited to perform arbitrary remote code execution...

8.4AI score
Exploits0
Saint
Saint
•added 2012/04/06 12:0 a.m.•30 views

Novell ZENworks Configuration Management Preboot Service Opcode 6c Vulnerability

Added: 04/06/2012 CVE: CVE-2011-3176 BID: 52659 OSVDB: 80231 Background Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a...

10CVSS6.7AI score0.69667EPSS
Exploits13
Saint
Saint
•added 2012/02/20 12:0 a.m.•30 views

HP OpenView Network Node Manager OVBuildPath Overflow

Added: 02/20/2012 CVE: CVE-2011-3167 BID: 50471 OSVDB: 76775 Background HP OpenView Network Node Manager NNM is a network monitoring solution based on SNMP. Problem User supplied data from the NNM web interface is passed to the OVBuildPath function in ov.dll. This function contains a stack overfl...

10CVSS6.9AI score0.66402EPSS
Exploits8
Saint
Saint
•added 2011/12/23 12:0 a.m.•30 views

Microsys Promotic PmTrendViewer ActiveX Control SaveCfg Stack Buffer Overflow

Added: 12/23/2011 OSVDB: 76396 Background Microsys Promotic is a SCADA object software tool for creating applications that monitor, control and display technological processes in various industrial areas. Promotic includes support for a web interface designed for Microsoft Windows. Problem Micros...

8.1AI score
Exploits0
Saint
Saint
•added 2011/12/12 12:0 a.m.•30 views

Iron Mountain Connected Backup Opcode 13 Processing Command Injection

Added: 12/12/2011 CVE: CVE-2011-2397 BID: 50884 OSVDB: 77495 Background Iron Mountain Connected Backup is a solution for automatic online backup and recovery for Microsoft Windows and Mac OS X. An agent is installed on each computer that is to be backed up. The agent listens by default on TCP por...

10CVSS7.5AI score0.05521EPSS
Exploits4
Saint
Saint
•added 2011/11/25 12:0 a.m.•30 views

Wireshark Lua Untrusted Search Path vulnerability

Added: 11/25/2011 CVE: CVE-2011-3360 BID: 49528 OSVDB: 75347 Background Wireshark is a network packet analyzer. Problem A vulnerability in Wireshark allows execution of arbitrary Lua scripts placed in untrusted directories which are included in Wireshark's search path. Resolution Upgrade to...

9.3CVSS7.5AI score0.35528EPSS
Exploits9
Saint
Saint
•added 2011/11/21 12:0 a.m.•30 views

eSignal WinSig.exe long StyleTemplate buffer overflow

Added: 11/21/2011 CVE: CVE-2011-3494 BID: 49600 OSVDB: 75456 Background eSignal is a tool which provides real-time financial and market information. Problem WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service crash and possibly execute arbitrary code v...

10CVSS7.7AI score0.55778EPSS
Exploits7
Saint
Saint
•added 2011/10/11 12:0 a.m.•30 views

NetSupport Client Handshake Hostname Overflow

Added: 10/11/2011 CVE: CVE-2011-0404 BID: 45728 OSVDB: 70408 Background NetSupport Manager is a remote desktop support solution. Problem The NetSupport client/server communication is carried out over a proprietary communications protocol. This protocol begins with a handshake between the client a...

7.5CVSS6.8AI score0.64739EPSS
Exploits8
Saint
Saint
•added 2011/09/13 12:0 a.m.•30 views

Citrix Access Gateway NESPA ActiveX Control

Added: 09/13/2011 CVE: CVE-2011-2882 BID: 48676 OSVDB: 74191 Background Citrix Access Gateway is an application remote-access solution. Problem The Citrix Access Gateway installs an ActiveX plug-in on the user's browser. Plug-in versions 8.1-67.7, 9.0-70.5, and 9.1-96.4 are vulnerable to a stack...

9.3CVSS6.3AI score0.56368EPSS
Exploits10
Saint
Saint
•added 2011/09/06 12:0 a.m.•30 views

Microsoft Internet Explorer Time Element Memory Corruption

Added: 09/06/2011 CVE: CVE-2011-1255 BID: 48206 OSVDB: 72947 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. The HTML+Time Timed Interactive Multimedia Extensions helps to add timed, animated, multimedia content to HTML documents. Problem...

9.3CVSS6.5AI score0.42103EPSS
Exploits5
Saint
Saint
•added 2011/05/09 12:0 a.m.•30 views

HP OpenView Storage Data Protector Backup Client Service GET_FILE Message Processing Overflow

Added: 05/09/2011 CVE: CVE-2011-1729 BID: 47638 OSVDB: 72188 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem A remote code execution vulnerability exists in HP Data Protector Backup Client Service due to a buffer overflow in...

10CVSS7.6AI score0.13614EPSS
Exploits4
Saint
Saint
•added 2011/04/18 12:0 a.m.•30 views

HP OpenView Network Node Manager malformed displayWidth option to jovgraph.exe

Added: 04/18/2011 CVE: CVE-2011-0261 BID: 45762 OSVDB: 70469 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow vulnerability in jovgraph.exe allows remote attackers to execute arbitrary commands by sending an overly...

10CVSS7.7AI score0.1582EPSS
Exploits4
Saint
Saint
•added 2011/04/11 12:0 a.m.•30 views

RealFlex RealWin FC_SCRIPT_FCS_STARTPROG Buffer Overflow

Added: 04/11/2011 CVE: CVE-2011-1563 BID: 46937 Background RealWin is a Supervisory Control and Data Acquisition SCADA server which is distributed by DATAC. Problem A buffer overflow vulnerability in RealWin Server allows remote attackers to execute arbitrary commands by sending a long, specially...

10CVSS7.7AI score0.74638EPSS
Exploits15
Saint
Saint
•added 2011/04/11 12:0 a.m.•30 views

RealFlex RealWin FC_SCRIPT_FCS_STARTPROG Buffer Overflow

Added: 04/11/2011 CVE: CVE-2011-1563 BID: 46937 Background RealWin is a Supervisory Control and Data Acquisition SCADA server which is distributed by DATAC. Problem A buffer overflow vulnerability in RealWin Server allows remote attackers to execute arbitrary commands by sending a long, specially...

10CVSS7.7AI score0.74638EPSS
Exploits15
Saint
Saint
•added 2011/04/11 12:0 a.m.•30 views

RealFlex RealWin FC_SCRIPT_FCS_STARTPROG Buffer Overflow

Added: 04/11/2011 CVE: CVE-2011-1563 BID: 46937 Background RealWin is a Supervisory Control and Data Acquisition SCADA server which is distributed by DATAC. Problem A buffer overflow vulnerability in RealWin Server allows remote attackers to execute arbitrary commands by sending a long, specially...

10CVSS7.7AI score0.74638EPSS
Exploits15
Saint
Saint
•added 2011/03/28 12:0 a.m.•30 views

Microsoft Office Groove Insecure Library Loading

Added: 03/28/2011 CVE: CVE-2010-3146 BID: 42695 OSVDB: 67484 Background Microsoft Office Groove is a collaboration-based software application that allows teams and organizations to work together regardless of physical or network location. Problem Microsoft Office Groove has a vulnerability due to...

9.3CVSS6.4AI score0.13715EPSS
Exploits5
Saint
Saint
•added 2011/03/14 12:0 a.m.•30 views

Microsoft Remote Desktop Connection Insecure Library Injection

Added: 03/14/2011 CVE: CVE-2011-0029 BID: 46678 OSVDB: 71014 Background The Windows Remote Desktop allows desktop access to one Windows computer from another Windows computer. Problem A library loading vulnerability in the Remote Desktop Client allows arbitrary command execution when a user opens...

9.3CVSS7.6AI score0.0716EPSS
Exploits4
Saint
Saint
•added 2011/03/03 12:0 a.m.•30 views

HP Data Protector Client agent EXEC_SETUP code execution

Added: 03/03/2011 CVE: CVE-2011-0922 BID: 46234 OSVDB: 72525 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem The backup agent provided by the Data Protector Backup Client Service may be instructed to execute a setup file from...

10CVSS6.6AI score0.64219EPSS
Exploits20
Total number of security vulnerabilities4305