Lucene search
K
SaintMost viewed

4305 matches found

Saint
Saint
•added 2007/04/12 12:0 a.m.•28 views

Yahoo Messenger AudioConf ActiveX control buffer overflow

Added: 04/12/2007 CVE: CVE-2007-1680 BID: 23291 OSVDB: 34319 Background Yahoo! Messenger is an instant messaging application. It includes the AudioConf ActiveX control which is provided by yacscom.dll. Problem A buffer overflow vulnerability in the AudioConf ActiveX control allows command executi...

9.3CVSS6.9AI score0.08375EPSS
Exploits4
Saint
Saint
•added 2007/03/22 12:0 a.m.•28 views

McAfee ePolicy Orchestrator SiteManager ActiveX buffer overflow

Added: 03/22/2007 CVE: CVE-2007-1498 BID: 22952 OSVDB: 33796 Background ePolicy Orchestrator is a centralized security configuration and monitoring application. It includes the SiteManager ActiveX control which is implemented by sitemanager.dll. Problem A buffer overflow vulnerability in the...

9.3CVSS6.9AI score0.07729EPSS
Exploits8
Saint
Saint
•added 2007/03/22 12:0 a.m.•28 views

McAfee ePolicy Orchestrator SiteManager ActiveX buffer overflow

Added: 03/22/2007 CVE: CVE-2007-1498 BID: 22952 OSVDB: 33796 Background ePolicy Orchestrator is a centralized security configuration and monitoring application. It includes the SiteManager ActiveX control which is implemented by sitemanager.dll. Problem A buffer overflow vulnerability in the...

9.3CVSS6.9AI score0.07729EPSS
Exploits8
Saint
Saint
•added 2006/12/29 12:0 a.m.•28 views

NetMail IMAP APPEND command buffer overflow

Added: 12/29/2006 CVE: CVE-2006-6425 BID: 21723 OSVDB: 31362 Background Novell NetMail is an e-mail and calendaring server application. Problem A buffer overflow in the NetMail IMAP service allows remote, authenticated attackers to execute arbitrary commands by sending a long, specially crafted...

9CVSS7.7AI score0.58474EPSS
Exploits7
Saint
Saint
•added 2006/12/15 12:0 a.m.•28 views

AOL ICQ ActiveX DownloadAgent vulnerability

Added: 12/15/2006 CVE: CVE-2006-5650 BID: 20930 OSVDB: 30220 Background America Online AOL ICQ is a widely used program for communicating with other users on the Internet. Problem The ICQPhone.SipxPhoneManager ActiveX control, which is installed with ICQ, includes a function called DownloadAgent...

7.5CVSS7.2AI score0.66368EPSS
Exploits9
Saint
Saint
•added 2006/11/27 12:0 a.m.•28 views

Windows Workstation service NetpManageIPCConnect buffer overflow

Added: 11/27/2006 CVE: CVE-2006-4691 BID: 20985 OSVDB: 30263 Background The Windows Workstation service routes network requests for file or printer resources. Problem A buffer overflow in the NetpManageIPCConnect function in the Windows Workstation service allows command execution when a domain...

10CVSS6.9AI score0.80214EPSS
Exploits8
Saint
Saint
•added 2006/11/09 12:0 a.m.•28 views

BrightStor ARCserve Message Engine RPC server buffer overflow

Added: 11/09/2006 CVE: CVE-2006-5143 BID: 20365 OSVDB: 29535 Background The BrightStor ARCserve Backup family of products includes a Message Engine which listens for connections on port 6503/TCP. Problem A buffer overflow in the ASCORE.dll library allows remote attackers to execute arbitrary...

7.5CVSS7.7AI score0.78513EPSS
Exploits12
Saint
Saint
•added 2006/09/22 12:0 a.m.•28 views

WS_FTP XCRC buffer overflow

Added: 09/22/2006 CVE: CVE-2006-4847 BID: 20076 OSVDB: 28939 Background WSFTP Server is an FTP server for Windows platforms. Problem Buffer overflows in multiple FTP commands allow an authenticated attacker to execute arbitrary commands. Resolution Upgrade to WSFTP Server 5.05 Hotfix 1. Reference...

6.5CVSS7.1AI score0.85213EPSS
Exploits10
Saint
Saint
•added 2006/09/08 12:0 a.m.•28 views

TikiWiki file upload vulnerability (jhot.php)

Added: 09/08/2006 CVE: CVE-2006-4602 BID: 19819 OSVDB: 28456 Background TikiWiki is a multi-purpose web content management system written in PHP. Problem The jhot.php script allows remote attackers to upload arbitrary PHP commands into the img/wiki directory. The commands can then be executed by...

7.5CVSS6.8AI score0.42596EPSS
Exploits8
Saint
Saint
•added 2006/08/25 12:0 a.m.•28 views

McAfee Subscription Manager ActiveX buffer overflow

Added: 08/25/2006 CVE: CVE-2006-3961 BID: 19265 OSVDB: 27698 Background McAfee Antivirus products access the McAfee Security Center product which allows users to set preferences and settings for numerous installed McAfee components and services. The Security Center includes a Subscription Manager...

6.8CVSS6.9AI score0.33824EPSS
Exploits7
Saint
Saint
•added 2006/07/28 12:0 a.m.•28 views

ViRobot Server web interface addschup buffer overflow

Added: 07/28/2006 CVE: CVE-2005-2041 BID: 13964 OSVDB: 17320 Background ViRobot Linux Server includes a web-based control interface. Problem A buffer overflow in the addschup CGI program included in the ViRobot Linux Server allows remote attackers to write arbitrary commands into the root crontab...

5CVSS7.4AI score0.05547EPSS
Exploits5
Saint
Saint
•added 2006/07/18 12:0 a.m.•28 views

ntdll.dll buffer overflow via IIS 5.0 WebDAV

Added: 07/18/2006 CVE: CVE-2003-0109 BID: 7116 OSVDB: 4467 Background The dynamic link library ntdll.dll is a core component of the Windows operating system. It is used by many operating system components including the WebDAV component of Microsoft IIS. Problem A buffer overflow in ntdll.dll allo...

7.5CVSS7.7AI score0.86396EPSS
Exploits13
Saint
Saint
•added 2006/06/09 12:0 a.m.•28 views

SpamAssassin spamd vpopmail user vulnerability

Added: 06/09/2006 CVE: CVE-2006-2447 BID: 18290 OSVDB: 26177 Background SpamAssassin identifies spam e-mail using a variety of local and network based tests. spamd is a component of SpamAssassin which allows it to run as a network daemon. Problem When the vpopmail -v and paranoid -P options are...

5.1CVSS6.5AI score0.74703EPSS
Exploits12
Saint
Saint
•added 2006/06/06 12:0 a.m.•28 views

HP OpenView OmniBack directory traversal

Added: 06/06/2006 CVE: CVE-2001-0311 BID: 11032 OSVDB: 6018 Background HP OpenView is a suite of tools for managing networks. The OmniBack component provides backup and restoration capabilities. Problem A directory traversal vulnerability in the OmniBack service allows a remote attacker to run a...

4.6CVSS7.4AI score0.11643EPSS
Exploits9
Saint
Saint
•added 2006/05/30 12:0 a.m.•28 views

Novell eDirectory iMonitor NDS buffer overflow

Added: 05/30/2006 CVE: CVE-2006-2496 BID: 18026 OSVDB: 25781 Background iMonitor is a web service which is a component of Novell eDirectory. Problem A buffer overflow in iMonitor allows remote attackers to execute arbitrary commands by sending a long, specially crafted URL request in the NDS...

10CVSS7.8AI score0.09219EPSS
Exploits4
Saint
Saint
•added 2006/05/17 12:0 a.m.•28 views

FreeSSHd key exchange buffer overflow

Added: 05/17/2006 CVE: CVE-2006-2407 BID: 17958 OSVDB: 25463 Background freeSSHd is a free SSH server based on WeOnlyDo wodSSHServer. Problem wodSSHServer and its derivatives, including freeSSHd, are affected by a buffer overflow vulnerability in the key exchange algorithm. A remote attacker can...

7.5CVSS7.5AI score0.71375EPSS
Exploits11
Saint
Saint
•added 2006/05/04 12:0 a.m.•28 views

Outlook Express NNTP LIST buffer overflow

Added: 05/04/2006 CVE: CVE-2005-1213 BID: 13951 OSVDB: 17306 Background Outlook Express is a free e-mail client which is included in Windows operating systems. Problem A buffer overflow in Outlook Express allows command execution when processing responses from NNTP servers to LIST commands...

7.5CVSS6.9AI score0.73961EPSS
Exploits8
Saint
Saint
•added 2006/04/05 12:0 a.m.•28 views

VERITAS NetBackup VMD argument parsing vulnerability

Added: 04/05/2006 CVE: CVE-2006-0989 BID: 17264 OSVDB: 24172 Background VERITAS NetBackup is a backup and recovery solution for multiple platforms. Problem Volume Manager Daemon VMD is affected by a buffer overflow vulnerability when parsing arguments to various commands. This vulnerability allow...

9CVSS7.2AI score0.07927EPSS
Exploits4
Saint
Saint
•added 2006/04/04 12:0 a.m.•28 views

Windows RPC DCOM interface buffer overflow

Added: 04/04/2006 CVE: CVE-2003-0352 BID: 8205 OSVDB: 2100 Background The Distributed Component Object Model is a technology in Microsoft Windows operating systems which allows software components to communicate. Remote Procedure Call RPC is a protocol used to request a service from a program on...

7.5CVSS6.9AI score0.98626EPSS
Exploits9
Saint
Saint
•added 2006/02/24 12:0 a.m.•28 views

Internet Explorer COM object instantiation vulnerability

Added: 02/24/2006 CVE: CVE-2005-1990 BID: 14511 OSVDB: 18612 Background Windows operating systems use the Component Object Model COM to allow various program components to be run within different applications. Problem Improper instantiation of certain COM objects as ActiveX controls by Internet...

5.1CVSS6.9AI score0.48513EPSS
Exploits4
Saint
Saint
•added 2006/02/21 12:0 a.m.•28 views

Lotus Notes Attachment Viewer UUE file buffer overflow

Added: 02/21/2006 CVE: CVE-2005-2618 BID: 16576 OSVDB: 23065 Background Lotus Notes is the client for Lotus Domino servers. Problem A buffer overflow in the attachment viewer in the Lotus Notes e-mail client allows command execution when a user opens a specially crafted UUE file. Resolution Upgra...

9.3CVSS6.8AI score0.07922EPSS
Exploits8
Saint
Saint
•added 2006/02/17 12:0 a.m.•28 views

Lotus Notes HTML Speed Reader URL buffer overflow

Added: 02/17/2006 CVE: CVE-2005-2618 BID: 16576 OSVDB: 23068 Background Lotus Notes is the client for Lotus Domino servers. Problem A buffer overflow in the HTML Speed Reader component of the Lotus Notes e-mail client allows command execution by a specially crafted e-mail message containing a lon...

9.3CVSS6.8AI score0.07922EPSS
Exploits8
Saint
Saint
•added 2005/12/30 12:0 a.m.•28 views

Windows WMF handling vulnerability

Added: 12/30/2005 CVE: CVE-2005-4560 BID: 16074 OSVDB: 21987 Background A Windows Metafile WMF image is a 16-bit metafile format that can contain both vector information and bitmap information. Problem A flaw in the way specially crafted WMF images are handled can allow arbitrary command executio...

7.5CVSS6.3AI score0.86476EPSS
Exploits14
Saint
Saint
•added 2005/12/19 12:0 a.m.•28 views

Windows password weakness

Added: 12/19/2005 CVE: CVE-1999-0503 Background Passwords are the most commonly used method of authenticating users to a server. The combination of a login name and password is used to verify the identity of a user requesting access, and to determine what parts of the server the user has permissi...

7.2CVSS6.6AI score0.01835EPSS
Exploits4
Saint
Saint
•added 2005/12/03 12:0 a.m.•28 views

MailEnable IMAP W3C Logging Buffer Overflow

Added: 12/03/2005 CVE: CVE-2005-3155 BID: 15006 OSVDB: 19842 Background MailEnable is a mail server for Windows platforms. The standard edition supports the SMTP and POP3 protocols. MailEnable Professional and MailEnable Enterprise also support IMAP and HTTPMail. Problem MailEnable's IMAP service...

7.5CVSS7.6AI score0.63694EPSS
Exploits7
Saint
Saint
•added 2005/12/01 12:0 a.m.•28 views

Internet Explorer onload window vulnerability

Added: 12/01/2005 CVE: CVE-2005-1790 BID: 13799 OSVDB: 17094 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Internet Explorer fails to properly initialize the window function when called from an onLoad event in a body tag. This...

2.6CVSS6.2AI score0.83472EPSS
Exploits9
Saint
Saint
•added 2005/11/25 12:0 a.m.•28 views

Internet Explorer inline content filename extension vulnerability

Added: 11/25/2005 CVE: CVE-2001-0727 BID: 3578 OSVDB: 3033 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Using a null byte %00 in the filename field found in the Content-disposition header, a remote web server may be able to...

7.5CVSS7.7AI score0.31007EPSS
Exploits4
Saint
Saint
•added 2021/02/25 12:0 a.m.•27 views

VMware VCenter Server file upload

Added: 02/25/2021 Background VMware VCenter Server is server management software for controlling VMware VSphere environments. Problem A vulnerability in VMware VCenter Server allows remote, unauthenticated attackers to upload files to arbitrary locations on the server, leading to command executio...

8AI score
Exploits0
Saint
Saint
•added 2019/01/18 12:0 a.m.•27 views

Horde Imp Unauthenticated Remote Command Execution

Added: 01/18/2019 BID: 106018 Background The IMP is a web-based mail client for IMAP and POP3 accounts. It is built atop the Horde Application Framework, which is a general-purpose web application library written in PHP. Problem A vulnerability in Horde IMP could allow unauthenticated command...

7.7AI score
Exploits0
Saint
Saint
•added 2018/09/05 12:0 a.m.•27 views

Apache Struts undefined namespace vulnerability

Added: 09/05/2018 BID: 105125 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem A remote attacker can execute...

8.2AI score
Exploits0
Saint
Saint
•added 2017/11/29 12:0 a.m.•27 views

Unitrends Backup api/storage input validation vulnerability

Added: 11/29/2017 Background Unitrends Backup is an enterprise backup, ransomware detection, and cloud continuity solution. Problem Unitrends Backup does not properly validate the hostname parameter in a JSON request to the api/storage resource, allowing a remote attacker to bypass authentication...

8.5AI score
Exploits0
Saint
Saint
•added 2017/04/28 12:0 a.m.•27 views

Windows DCE-RPC MIBEntryGet vulnerability (ErraticGopher)

Added: 04/28/2017 Background Distributed Computing Environment - Remote Procedure Call DCE-RPC is the protocol used by Windows operating systems for calling program functions on remote targets. Problem A memory corruption vulnerability in the DCE-RPC MIBEntryGet call could allow remote attackers ...

8.5AI score
Exploits0
Saint
Saint
•added 2016/12/01 12:0 a.m.•27 views

Disk Savvy Enterprise GET buffer overflow

Added: 12/01/2016 Background Disk Savvy Enterprise is a disk space usage analyzer. Problem A buffer overflow in Disk Savvy Enterprise when handling GET requests could allow remote code execution. Resolution Upgrade to a version higher than 9.1.14 when available. References...

8.6AI score
Exploits0
Saint
Saint
•added 2016/09/23 12:0 a.m.•27 views

SugarCRM REST deserialization vulnerability

Added: 09/23/2016 BID: 91413 Background SugarCRM is customer relationship management software written in PHP. Problem Improper use of the unserialize function inside the SugarRestSerialize.php script allows remote attackers to inject PHP objects, leading to arbitrary command execution. Resolution...

7.8AI score
Exploits0
Saint
Saint
•added 2016/08/11 12:0 a.m.•27 views

Easy File Sharing Web Server GET HTTP request vulnerability

Added: 08/11/2016 Background Easy File Sharing Web Server is software that allows users to upload/download files to a server easily through a web browser, as well as providing a bulletin board system forum. Problem Easy File Sharing Web Server is vulnerable to a stack buffer overflow condition as...

8.4AI score
Exploits0
Saint
Saint
•added 2016/07/01 12:0 a.m.•27 views

op5 Monitor Nacoma command execution

Added: 07/01/2016 Background op5 Monitor is an open-source monitoring solution written in PHP. Problem The commandtest.php script in the Nacoma component of op5 Monitor can be used to execute arbitrary operating system commands. Resolution Upgrade to op5 Monitor 7.2.0 or higher. References...

7.9AI score
Exploits0
Saint
Saint
•added 2016/06/15 12:0 a.m.•27 views

Apache Continuum saveInstallation.action command execution

Added: 06/15/2016 Background Apache Continuum is a continuous integration server for Java projects. Problem A remote attacker could execute arbitrary commands by sending a POST request to saveInstallation.action with a specially crafted installation.varValue parameter. Resolution Upgrade to a...

8.2AI score
Exploits0
Saint
Saint
•added 2015/08/13 12:0 a.m.•27 views

PCMan FTP Server PUT buffer overflow

Added: 08/13/2015 Background PCMan's FTP Server is a free FTP server for Windows. Problem A buffer overflow vulnerability in PCMan's FTP Server allows remote attackers to execute arbitrary commands. Resolution There is no known fix for this vulnerability. Use a different FTP server, or block acce...

8.6AI score
Exploits0
Saint
Saint
•added 2015/07/30 12:0 a.m.•27 views

D-Link Cookie command injection

Added: 07/30/2015 Background D-Link produces a variety of routers, switches, and other network equipment for home users and businesses. Problem A command injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted cookie in an HTTP request...

8.8AI score
Exploits0
Saint
Saint
•added 2015/05/11 12:0 a.m.•27 views

iTunes .PLS Title buffer overflow

Added: 05/11/2015 Background iTunes is a free media player for multiple platforms. Problem A buffer overflow vulnerability in iTunes allows command execution when a .PLS file containing a specially crafted Title parameter is opened. Resolution Do not open untrusted .PLS files. References...

0.7AI score
Exploits0
Saint
Saint
•added 2014/09/16 12:0 a.m.•27 views

ALCASAR index.php Crafted HTTP host Header Vulnerability

Added: 09/16/2014 BID: 69662 OSVDB: 111026 Background ALCASAR is a free Network Access Controller that allows network managers to restrict Internet service access to authenticated users. ALCASAR allows control and logging of all network activity by users and/or defined user groups. Problem ALCASA...

1.8AI score
Exploits0
Saint
Saint
•added 2014/01/28 12:0 a.m.•27 views

HP Data Protector Backup Client Service opcode 42 directory traversal

Added: 01/28/2014 CVE: CVE-2013-6194 BID: 64647 OSVDB: 101630 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem A vulnerability in the Backup Client Service OmniInet.exe allows remote, unauthenticated attackers to write files t...

10CVSS7.4AI score0.65924EPSS
Exploits10
Saint
Saint
•added 2013/09/30 12:0 a.m.•27 views

Upgrade Attack

Added: 09/30/2013 Background The LLMNR Local Link Multicast Name Resolution protocol is used to answer wpad requests sent by Microsoft Windows. A rogue WPAD server delivers a wpad.dat file to poisoned hosts forcing them to proxy web requests through the SAINT server. In addition, HTTP requests ar...

0.3AI score
Exploits0
Saint
Saint
•added 2013/09/05 12:0 a.m.•27 views

Internet Explorer CFlatMarkupPointer Object Handling Use-after-free Vulnerability

Added: 09/05/2013 CVE: CVE-2013-3184 BID: 61668 OSVDB: 96182 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem A user-after-free vulnerability when handling the InsertImage command identifier of CFlatMarkupPointer objects in a web...

9.3CVSS6.5AI score0.58427EPSS
Exploits8
Saint
Saint
•added 2013/06/17 12:0 a.m.•27 views

Internet Explorer textNode Style Computation Use After Free Vulnerability

Added: 06/17/2013 CVE: CVE-2013-1311 BID: 59752 OSVDB: 93296 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Internet Explorer 8 is vulnerable to remote code execution as a result of memory corruption when computations on the...

9.3CVSS8.8AI score0.20699EPSS
Exploits8
Saint
Saint
•added 2013/05/03 12:0 a.m.•27 views

Novell ZENworks Control Center file upload vulnerability

Added: 05/03/2013 CVE: CVE-2013-1080 BID: 58668 OSVDB: 91627 Background Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a...

10CVSS7.5AI score0.77049EPSS
Exploits10
Saint
Saint
•added 2013/02/01 12:0 a.m.•27 views

EMC AlphaStor Device Manager Command Injection

Added: 02/01/2013 CVE: CVE-2013-0928 BID: 57472 OSVDB: 89436 Background EMC AlphaStor is a media lifecycle and tape library management product for enterprise environments. Problem EMC AlphaStor versions prior to 4.0 Build 800 are vulnerable to remote command injection. The AlphaStor Device Manage...

9.3CVSS7.1AI score0.34468EPSS
Exploits10
Saint
Saint
•added 2013/01/23 12:0 a.m.•27 views

Nagios XI Graph Explorer Component OS Command Injection Vulnerability

Added: 01/23/2013 BID: 54263 OSVDB: 83552 Background Nagios XI is a network host and service monitoring and management system. Problem Nagios XI Graph Explorer Component is vulnerable to arbitrary command execution by authenticated users. The vulnerability is due to the visApi.php script not...

0.1AI score
Exploits0
Saint
Saint
•added 2012/08/22 12:0 a.m.•27 views

Lotus Notes iNotes Attachment_Times ActiveX Overflow

Added: 08/22/2012 CVE: CVE-2012-2175 BID: 53879 OSVDB: 82755 Background Lotus Notes is the client for Lotus Domino servers. iNotes is a web-based alternative to the Notes client. Problem The iNotes ActiveX control does not properly validate the user-supplied values for the attachmenttimes...

9.3CVSS6.4AI score0.29436EPSS
Exploits9
Saint
Saint
•added 2012/08/20 12:0 a.m.•27 views

HP Operations Agent Opcode 0x8c vulnerability

Added: 08/20/2012 CVE: CVE-2012-2020 BID: 54362 OSVDB: 83674 Background HP Operations Agents is a fault and performance monitoring solution for servers. Problem A buffer overflow vulnerability in the coda.exe process, which listens on a random TCP port, could allow remote attackers to execute...

10CVSS7.8AI score0.64685EPSS
Exploits8
Total number of security vulnerabilities4305