4305 matches found
WinRAR ZIP File Handling Filename Spoofing Vulnerability
Added: 04/28/2014 BID: 66383 OSVDB: 62610 Background WinRAR is a shareware file archiver and data compression utility which runs on Microsoft Windows. It can create archives in ZIP format, as well as its own proprietary RAR format, and unpack a variety of other archive types. Problem WinRAR 4.x i...
Android WebView addJavascriptInterface Arbitrary Java Method Access
Added: 02/11/2014 CVE: CVE-2013-4710 OSVDB: 97520 Background Android is a Linux-based operating system used primarily on touchscreen mobile devices such as smartphones and tablet computers. It was originally developed by Android Inc., but is now owned by Google. WebView is a sub-class of the...
HP LoadRunner Virtual User Generator EmulationAdmin service directory traversal
Added: 12/18/2013 CVE: CVE-2013-4837 BID: 63475 OSVDB: 99231 Background HP LoadRunner is a software performance testing solution. Problem A directory traversal vulnerability in the Virtual User Generator EmulationAdmin service allows remote attackers to upload files to arbitrary locations using t...
Oracle WebCenter Content CheckOutAndOpen.dll ActiveX Control Vulnerability
Added: 08/19/2013 CVE: CVE-2013-1559 BID: 59122 OSVDB: 92386 Background Oracle WebCenter Content is an open platform that allows users to create a vast range of content management applications. It consolidates unstructured content from across diverse systems so it can be centrally managed and the...
PineApp Mail-SeCure test_li_connection.php Command Injection
Added: 08/08/2013 BID: 61477 OSVDB: 95782 Background PineApp Mail-SeCure is an e-mail security appliance which provides perimeter security protection to stop threats prior to their penetration of the customer's network, as well as post-perimeter anti-spam content inspection. Problem PineApp...
SAP NetWeaver SOAP RFC SXPG_COMMAND_EXECUTE Command Execution
Added: 07/03/2013 BID: 55084 OSVDB: 93536 Background SAP NetWeaver is a technology platform for building and integrating SAP business applications. Remote Function Call RFC is the standard SAP interface for communication between SAP systems. Transaction SM69 is used to create and maintain externa...
BigAnt IM Server DDNF username Field Remote Overflow
Added: 04/22/2013 BID: 58998 OSVDB: 92239 Background BigAnt Messenger Server offers secure instant messaging, file transfer, voip, video chat, web conferencing and more. Problem BigAnt IM Server is vulnerable to buffer overflow in the expsrv.dll library as a result of improper validation of...
BigAnt Server SCH and DUPF Stack Overflow
Added: 02/22/2013 CVE: CVE-2012-6275 BID: 57214 OSVDB: 89344 Background BigAnt Messenger Server offers secure instant messaging, file transfer, voip, video chat, web conferencing and more. Problem BigAnt Server versions 2.97 SP7 and prior are vulnerable to a stack overflow condition due to improp...
Foxit Reader Plugin for Firefox URL Filename Stack Buffer Overflow
Added: 01/12/2013 BID: 57174 OSVDB: 89030 Background Foxit Reader is a free PDF reader for Microsoft Windows systems. Problem Foxit Reader plugin for Firefox npFoxitReaderPlugin.dll is vulnerable to remote code execution as a result of failure to check boundary conditions when processing a URL...
WibuKey Runtime WkWin32.dll module DisplayMessageDialog overflow
Added: 12/27/2012 BID: 56678 OSVDB: 87881 Background WibuKey is a software protection and licensing solution. Problem A vulnerability in the WkWin32.dll ActiveX control in WibuKey Runtime allows command execution when a web page calls the DisplayMessageDialog method with a long, specially crafted...
IBM Cognos TM1 and Express Admin Server Buffer Overflow
Added: 12/27/2012 CVE: CVE-2012-0202 BID: 52847 OSVDB: 80876 Background IBM Cognos TM1 is enterprise planning software for planning, budgeting, forecasting and analysis. IBM Cognos Express is an integrated business intelligence BI and planning solution which delivers the essential reporting,...
CA ARCserve Backup Authentication service invalid virtual function call
Added: 11/09/2012 CVE: CVE-2012-2971 BID: 56116 OSVDB: 86416 Background CA ARCserve Backup formerly BrightStor ARCserve Backup is a backup and recovery solution. Problem An invalid virtual function call in the authentication service allows remote attackers to execute arbitrary commands. Resolutio...
HP Operations Agent for NonStop Server ELinkService HEALTH packet buffer overflow
Added: 10/26/2012 BID: 55161 OSVDB: 84854 Background HP Operations Agents is a fault and performance monitoring solution for servers. Problem A buffer overflow vulnerability in HP Operations Agent for NonStop server allows an attacker to execute arbitrary commands by sending a specially crafted...
HP Intelligent Management Center uam.exe Stack Buffer Overflow
Added: 09/26/2012 BID: 55271 OSVDB: 85060 Background HP Intelligent Management Center, also known as HP iNode Management Center, is a comprehensive management platform for delivering integrated, modular network management capabilities. The User Access Manager UAM module uam.exe manages the...
HP Application Lifecycle Management XGO.ocx ActiveX SetShapeNodeType Method Vulnerability
Added: 09/13/2012 BID: 55272 OSVDB: 85152 Background HP Application Lifecycle Management ALM is a software product designed to manage the application lifecycle from requirements through readiness for delivery from a single repository, providing a consistent user experience and customizable...
IBM Lotus Notes URL Handler Command Execution
Added: 09/07/2012 CVE: CVE-2012-2174 BID: 54070 OSVDB: 83063 Background Lotus Notes is the client for Lotus Domino servers. Problem Lotus Notes 8.5.3 and earlier is vulnerable to remote code execution when handling a specially crafted URL. A remote attacker can pass the -RPARAMS command line...
HP Operations Agent Opcode 0x8c vulnerability
Added: 08/20/2012 CVE: CVE-2012-2020 BID: 54362 OSVDB: 83674 Background HP Operations Agents is a fault and performance monitoring solution for servers. Problem A buffer overflow vulnerability in the coda.exe process, which listens on a random TCP port, could allow remote attackers to execute...
SolarWinds Storage Manager SQL Injection
Added: 05/17/2012 BID: 51639 OSVDB: 81634 Background SolarWinds Storage Manager is agentless heterogeneous monitoring and reporting of the performance and capacity of physical and virtual storage infrastructure. It delivers visibility and insight into how your storage infrastructure maps to your...
FreePBX callmenum Remote Code Execution
Added: 05/02/2012 BID: 52630 OSVDB: 80544 Background FreePBX is an open source telephony front-end, which has an easy to use graphical user interface that controls and manages Asterisk. Problem FreePBX fails to properly sanitize user-supplied input passed to 'callmenum' parameter in...
Novell ZENworks Configuration Management Preboot Service Opcode 6c Vulnerability
Added: 04/06/2012 CVE: CVE-2011-3176 BID: 52659 OSVDB: 80231 Background Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a...
Sysax SSH Username Remote Code Execution
Added: 03/06/2012 BID: 52190 OSVDB: 79689 Background Sysax Multi Server is a Secure FTP Server and SSH2 Secure Shell Server combined into a single product. It simultaneously supports remote access and file transfer using FTP, FTPS, SFTP, Telnet, and Secure Shell. It also supports web based file...
Splunk Search Jobs Remote Code Execution
Added: 01/13/2012 CVE: CVE-2011-4642 BID: 51061 OSVDB: 77695 Background Splunk collects, indexes and harnesses the massive volumes of valuable machine data generated by your complex IT infrastructure, whether physical, virtual or in the cloud. Problem Splunk allows users to perform search actions...
Blue Coat BCAAA Windows Service Stack Buffer Overflow
Added: 01/05/2012 BID: 47618 OSVDB: 72095 Background Blue Coat Authentication and Authorization Agent BCAAA is installed on a domain server and acts as an intermediary between a Blue Coat ProxySG and the domain. Problem The BCAAA Windows Service is vulnerable to a stack-based buffer overflow...
Avaya WinPDM Unite Host Router service buffer overflow
Added: 12/30/2011 BID: 47947 OSVDB: 73269 Background Avaya Windows Portable Device Manager WinPDM is used for local administration and software download of various devices. Problem A buffer overflow vulnerability in Avaya WinPDM allows an attacker to execute arbitrary commands by sending a...
Hastymail rs parameter command injection
Added: 12/28/2011 CVE: CVE-2011-4542 BID: 50791 OSVDB: 77331 Background Hastymail is a fast, secure, rfc-compliant, cross-platform IMAP/SMTP client application written in PHP providing a clean web interface for sending and reading E-mail. Problem Hastymail2 fails to properly sanitize user-supplie...
Traq authenticate function remote code execution
Added: 12/27/2011 BID: 50961 OSVDB: 77556 Background Traq is a PHP5+ and MySQL4+ based Project Tracking system with the ability to host multiple projects. Problem The flaw is caused due to admin rights not properly being restricted in the "authenticate" function in admincp/common.php. This can be...
Trend Micro InterScan Web Security Suite Local Privilege Escalation
Added: 12/09/2011 BID: 50380 OSVDB: 76637 Background Trend Micro InterScan Web Security Suite is an application which dynamically defends against web-based attacks at the Internet gateway. Problem Trend Micro InterScan Web Security Suite is vulnerable to local privilege escalation vulnerability...
Viscom Software Image Viewer ActiveX TIFMergeMultiFiles Vulnerability
Added: 11/28/2011 BID: 50712 Background Viscom Image Viewer CP is an image viewer ActiveX control that supports many popular image file formats, zoom in, zoom out, panning, auto zoom and auto scrolling when drawing the selection rectangle. Problem The ImageViewer2.OCX ActiveX control in Image...
Symantec IM Manager IMAdminLDAPConfig.asp SQL injection
Added: 10/31/2011 CVE: CVE-2011-0553 BID: 49738 OSVDB: 75984 Background Symantec IM Manager is a solution for managing and securing instant-messaging traffic in an enterprise. Problem An SQL injection vulnerability in IMAdminLDAPConfig.asp allows remote, authenticated attackers to execute arbitra...
Computech Wordlist Builder DIC File Buffer Overflow
Added: 09/26/2011 BID: 47113 Background Computech Wordlist Builder is a simple utility that generates sorted wordlists based on contents of documents. Problem A stack overflow condition exists in Wordlist Builder 1.0 due the use of a fixed-length buffer used to read words from the .DIC file...
Microsoft Internet Explorer Time Element Memory Corruption
Added: 09/06/2011 CVE: CVE-2011-1255 BID: 48206 OSVDB: 72947 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. The HTML+Time Timed Interactive Multimedia Extensions helps to add timed, animated, multimedia content to HTML documents. Problem...
Microsoft Remote Desktop Connection Insecure Library Injection
Added: 03/14/2011 CVE: CVE-2011-0029 BID: 46678 OSVDB: 71014 Background The Windows Remote Desktop allows desktop access to one Windows computer from another Windows computer. Problem A library loading vulnerability in the Remote Desktop Client allows arbitrary command execution when a user opens...
HP OpenView Network Node Manager nnmRptConfig.exe nameParams text1 Buffer Overflow
Added: 01/20/2011 CVE: CVE-2011-0268 BID: 45762 OSVDB: 70473 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A stack buffer overflow vulnerability allows remote attackers to execute arbitrary commands by requesting the...
HP Photo Creations audio.Record ActiveX Stack Buffer Overflow
Added: 01/10/2011 BID: 45631 Background HP Photo Creations is free software that lets the user create photo books, calendars, collages, greeting cards and other keepsakes that can be printed or shipped to the user. HP Photo Creations installs and registers the audio.Record ActiveX control which...
Cisco IOS HTTP exec path command execution
Added: 12/23/2010 CVE: CVE-2000-0945 BID: 1846 OSVDB: 444 Background The Cisco Internetwork Operating System IOS is the operating system used by Cisco routers. Problem A remote attacker could execute arbitrary commands through HTTP requests by requesting a path beginning with /exec. Resolution Se...
Cisco IOS HTTP exec path command execution
Added: 12/23/2010 CVE: CVE-2000-0945 BID: 1846 OSVDB: 444 Background The Cisco Internetwork Operating System IOS is the operating system used by Cisco routers. Problem A remote attacker could execute arbitrary commands through HTTP requests by requesting a path beginning with /exec. Resolution Se...
SAP Crystal Reports PrintControl.dll ServerResourceVersion buffer overflow
Added: 12/22/2010 CVE: CVE-2010-2590 BID: 45387 OSVDB: 69917 Background SAP Crystal Reports allows developers to design interactive reports from virtually any data source. Problem A buffer overflow vulnerability in the PrintControl.dll ActiveX control allows command execution when a user loads a...
Internet Explorer HTML+TIME element OuterText memory corruption
Added: 12/16/2010 CVE: CVE-2010-3346 BID: 45261 OSVDB: 69829 Background The HTML+TIME.aspx component of Internet Explorer adds timing and media synchronization support to HTML pages. Problem A memory corruption vulnerability in the HTML+TIME component allows command execution when a user loads a...
Foxit Reader Crafted PDF Title Handling Stack Buffer Overflow
Added: 11/22/2010 OSVDB: 68648 Background Foxit Reader is a free PDF reader for Microsoft Windows systems. Problem Foxit Reader for Windows is vulnerable to a stack buffer overflow which could allow execution of arbitrary code. A remote attacker can exploit this vulnerability by enticing a user t...
DATAC RealWin SCADA Server SCPC_INITIALIZE buffer overflow
Added: 11/08/2010 CVE: CVE-2010-4142 BID: 44150 OSVDB: 68812 Background RealWin is a Supervisory Control and Data Acquisition SCADA server which is distributed by DATAC. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...
Adobe Shockwave Director rcsL Chunk Remote Code Execution
Added: 11/04/2010 CVE: CVE-2010-3653 BID: 44291 OSVDB: 68803 Background Adobe Shockwave is a multimedia player used to add animation and interactivity to web pages. It allows Adobe Director applications to be published on the Internet and viewed in a web browser on any computer which has the...
Microsoft Windows Movie Maker MediaClipString Buffer Overflow
Added: 08/27/2010 CVE: CVE-2010-2564 BID: 42268 OSVDB: 66986 Background Windows Movie Maker is software for creating and editing home movies. Problem A buffer overflow vulnerability when parsing MediaClipString data allows command execution when a user opens a specially crafted .MSWMM file...
Novell iPrint Client ActiveX control call-back-url buffer overflow
Added: 08/25/2010 CVE: CVE-2010-1527 BID: 42576 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named ienipp.ocx. Problem A buffer overflow vulnerability allows command execution when a...
Microsoft Excel DBQueryExt record parsing vulnerability
Added: 07/08/2010 CVE: CVE-2010-1253 BID: 40531 OSVDB: 65228 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem A vulnerability in Microsoft Excel allows command execution when a user opens a spreadshee...
HP OpenView Network Node Manager getnnmdata.exe CGI Hostname buffer overflow
Added: 05/28/2010 CVE: CVE-2010-1555 BID: 40072 OSVDB: 64976 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow vulnerability in Network Node Manager allows remote attackers to execute arbitrary commands by sending a...
Microsoft Windows Movie Maker IsValidWMToolsStream buffer overflow
Added: 05/19/2010 CVE: CVE-2010-0265 BID: 38515 OSVDB: 62811 Background Windows Movie Maker is software for creating and editing home movies. Problem A buffer overflow vulnerability in the IsValidWMToolsStream function allows command execution when a user opens a specially crafted .MSWMM file...
Microsoft Visio DXF file insertion buffer overflow
Added: 05/07/2010 CVE: CVE-2010-1681 BID: 39836 Background Microsoft Visio is a component of the Microsoft Office suite which provides the capability to produce diagrams. Problem A buffer overflow vulnerability allows command execution when a user inserts a specially crafted DXF file into a Visio...
Easy FTP Server MKD command buffer overflow
Added: 04/08/2010 BID: 38102 OSVDB: 62134 Background UplusFTP formerly Easy FTP Server is a free FTP server for Windows platforms. Problem A buffer overflow vulnerability allows remote, authenticated attackers to execute arbitrary commands by sending a MKD command with a specially crafted argumen...
Microsoft Office PowerPoint Viewer TextBytesAtom Record Buffer Overflow
Added: 03/04/2010 CVE: CVE-2010-0033 BID: 38107 OSVDB: 62241 Background Microsoft PowerPoint Viewer 2003 is a free tool which allows viewing of Microsoft PowerPoint presentations without requiring Microsoft PowerPoint itself. Problem A stack overflow vulnerability in the handling of TextBytesAtom...
Microsoft Office PowerPoint Viewer TextBytesAtom Record Buffer Overflow
Added: 03/04/2010 CVE: CVE-2010-0033 BID: 38107 OSVDB: 62241 Background Microsoft PowerPoint Viewer 2003 is a free tool which allows viewing of Microsoft PowerPoint presentations without requiring Microsoft PowerPoint itself. Problem A stack overflow vulnerability in the handling of TextBytesAtom...