Lucene search
K
SaintMost viewed

4305 matches found

Saint
Saint
•added 2013/04/01 12:0 a.m.•26 views

BigAnt Messenger Server DUPF Arbitrary File Upload

Added: 04/01/2013 CVE: CVE-2012-6274 BID: 57214 OSVDB: 89342 Background BigAnt Messenger Server offers secure instant messaging, file transfer, voip, video chat, web conferencing and more. Problem BigAnt Server 2.97 and earlier does not require authentication for file uploading, and does not...

5CVSS6.6AI score0.46868EPSS
Exploits8
Saint
Saint
•added 2013/02/22 12:0 a.m.•26 views

BigAnt Server SCH and DUPF Stack Overflow

Added: 02/22/2013 CVE: CVE-2012-6275 BID: 57214 OSVDB: 89344 Background BigAnt Messenger Server offers secure instant messaging, file transfer, voip, video chat, web conferencing and more. Problem BigAnt Server versions 2.97 SP7 and prior are vulnerable to a stack overflow condition due to improp...

10CVSS6.8AI score0.46498EPSS
Exploits8
Saint
Saint
•added 2013/02/01 12:0 a.m.•26 views

EMC AlphaStor Device Manager Command Injection

Added: 02/01/2013 CVE: CVE-2013-0928 BID: 57472 OSVDB: 89436 Background EMC AlphaStor is a media lifecycle and tape library management product for enterprise environments. Problem EMC AlphaStor versions prior to 4.0 Build 800 are vulnerable to remote command injection. The AlphaStor Device Manage...

9.3CVSS7AI score0.34468EPSS
Exploits10
Saint
Saint
•added 2012/12/07 12:0 a.m.•26 views

Novell NetIQ Privileged User Manager modifyAccounts Security Bypass

Added: 12/07/2012 BID: 56535 OSVDB: 87335 Background Novell NetIQ Privileged User Manager NPUM allows IT administrators to work on systems without exposing superuser administrator or supervisor passwords or root-account credentials to the administrator. Problem NetIQ Privileged User Manager 2.3.1...

0.4AI score
Exploits0
Saint
Saint
•added 2012/07/30 12:0 a.m.•26 views

Citrix Provisioning Services streamprocess.exe 0x40020000 Opcode Integer Underflow

Added: 07/30/2012 BID: 49803 OSVDB: 75780 Background Citrix Provisioning Services dynamically provisions virtual servers to simplify and streamline server management, while reducing software rollout risk. Problem Citrix Provisioning Services up to and including version 5.6 Service Pack 1 are...

1AI score
Exploits0
Saint
Saint
•added 2012/07/30 12:0 a.m.•26 views

Citrix Provisioning Services streamprocess.exe 0x40020000 Opcode Integer Underflow

Added: 07/30/2012 BID: 49803 OSVDB: 75780 Background Citrix Provisioning Services dynamically provisions virtual servers to simplify and streamline server management, while reducing software rollout risk. Problem Citrix Provisioning Services up to and including version 5.6 Service Pack 1 are...

8AI score
Exploits0
Saint
Saint
•added 2012/05/21 12:0 a.m.•26 views

Firefox AttributeChildRemoved Use After Free

Added: 05/21/2012 CVE: CVE-2011-3659 BID: 51755 OSVDB: 78736 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem In Firefox version prior to 3.6.26, and 4.0 through 9.0, when removing child objects from the DOM tree, the remove...

9.3CVSS9.8AI score0.36511EPSS
Exploits9
Saint
Saint
•added 2012/05/17 12:0 a.m.•26 views

SolarWinds Storage Manager SQL Injection

Added: 05/17/2012 BID: 51639 OSVDB: 81634 Background SolarWinds Storage Manager is agentless heterogeneous monitoring and reporting of the performance and capacity of physical and virtual storage infrastructure. It delivers visibility and insight into how your storage infrastructure maps to your...

0.7AI score
Exploits0
Saint
Saint
•added 2012/05/11 12:0 a.m.•26 views

Netop Remote Control DWS File Stack Buffer Overflow

Added: 05/11/2012 BID: 47631 OSVDB: 72291 Background NetOp Remote Control provides secure remote control and support for workstations, servers, embedded systems, and mobile devices. Problem NetOp Remote Control is vulnerable to stack buffer overflow as a result of failing to properly sanitize...

8.5AI score
Exploits0
Saint
Saint
•added 2012/01/20 12:0 a.m.•26 views

Citrix Provisioning Services Opcode 40020006 Integer Underflow

Added: 01/20/2012 BID: 49803 Background Citrix Provisioning Services dynamically provisions virtual servers to simplify and streamline server management, while reducing software rollout risk. Problem Citrix Provisioning Services 5.6 SP1 and prior are vulnerable to a remotely exploitable integer...

1AI score
Exploits0
Saint
Saint
•added 2011/12/28 12:0 a.m.•26 views

Hastymail rs parameter command injection

Added: 12/28/2011 CVE: CVE-2011-4542 BID: 50791 OSVDB: 77331 Background Hastymail is a fast, secure, rfc-compliant, cross-platform IMAP/SMTP client application written in PHP providing a clean web interface for sending and reading E-mail. Problem Hastymail2 fails to properly sanitize user-supplie...

7.5CVSS7.1AI score0.26063EPSS
Exploits9
Saint
Saint
•added 2011/12/23 12:0 a.m.•26 views

Novell iPrint Client ActiveX Control GetDriverSettings Stack Overflow

Added: 12/23/2011 CVE: CVE-2011-3173 BID: 50367 OSVDB: 76631 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Client ActiveX control named ienipp.ocx. Problem A buffer overflow vulnerability in the ActiveX contr...

7.5CVSS6.8AI score0.04893EPSS
Exploits4
Saint
Saint
•added 2011/12/12 12:0 a.m.•26 views

VanDyke AbsoluteFTP FTP Client LIST Overflow

Added: 12/12/2011 BID: 50614 OSVDB: 77105 Background VanDyke AbsoluteFTP is a popular free FTP client. AbsoluteFTP was replaced by SecureFX in 1998, and support for AbsoluteFTP ended in 2007. Problem The AbsoluteFTP client contains a buffer overflow vulnerability when parsing file and directory...

0.4AI score
Exploits0
Saint
Saint
•added 2011/12/05 12:0 a.m.•26 views

Cytel Studio CY3 File Processing Buffer Overflow

Added: 12/05/2011 BID: 49924 OSVDB: 75991 Background Cytel Inc. provides clinical trial design services and specialized statistical applications primarily for the biotech and pharmaceutical research markets. StatXact is a statistical software package based on the exact branch of statistics used b...

8.5AI score
Exploits0
Saint
Saint
•added 2011/11/21 12:0 a.m.•26 views

Oracle Hyperion Financial Management ActiveX Heap Overflow

Added: 11/21/2011 BID: 50565 OSVDB: 76913 Background Oracle Hyperion Financial Management is a web-based financial consolidation, reporting and analysis solution. Problem Hyperion Financial Management webapp installs an ActiveX control on the target system. This control is marked as safe for...

0.1AI score
Exploits0
Saint
Saint
•added 2011/10/17 12:0 a.m.•26 views

Microsoft Forefront Unified Access Gateway Java Applet Signed Code Execution

Added: 10/17/2011 CVE: CVE-2011-1969 BID: 49983 OSVDB: 76236 Background Microsoft Forefront Unified Access Gateway UAG is a reverse proxy and VPN solution. Problem End users of UAG must install a signed Java applet via MicrosoftClient.jar. This applet loads unsigned Java classes, which may allow ...

9.3CVSS7AI score0.17309EPSS
Exploits4
Saint
Saint
•added 2011/10/11 12:0 a.m.•26 views

NetSupport Client Handshake Hostname Overflow

Added: 10/11/2011 CVE: CVE-2011-0404 BID: 45728 OSVDB: 70408 Background NetSupport Manager is a remote desktop support solution. Problem The NetSupport client/server communication is carried out over a proprietary communications protocol. This protocol begins with a handshake between the client a...

7.5CVSS6.8AI score0.64739EPSS
Exploits8
Saint
Saint
•added 2011/09/29 12:0 a.m.•26 views

Sunway ForceControl SNMP NetDBServer Signed Integer Buffer Overflow

Added: 09/29/2011 BID: 49747 OSVDB: 75798 Background Sunway ForceControl is a Chinese SCADA/HMI software application widely used in China to help run weapons systems, utilities and chemical plants. It is also used to a lesser extent in other countries, including the US. SNMP NetDBServer is one of...

7.7AI score
Exploits0
Saint
Saint
•added 2011/07/29 12:0 a.m.•26 views

Java RMI Services Default Configuration Remote Loading

Added: 07/29/2011 Background The Java Remote Method Invocation RMI system allows an object running in one Java virtual machine to invoke methods on an object running in another Java virtual machine. RMI provides for remote communication between programs written in the Java programming language...

0.6AI score
Exploits0
Saint
Saint
•added 2011/07/29 12:0 a.m.•26 views

Java RMI Services Default Configuration Remote Loading

Added: 07/29/2011 Background The Java Remote Method Invocation RMI system allows an object running in one Java virtual machine to invoke methods on an object running in another Java virtual machine. RMI provides for remote communication between programs written in the Java programming language...

7.1AI score
Exploits0
Saint
Saint
•added 2011/07/08 12:0 a.m.•26 views

Citrix Provisioning Services OpCode 40020010 Stack Overflow

Added: 07/08/2011 BID: 45914 OSVDB: 70597 Background Citrix Provisioning Services dynamically provisions virtual servers to simplify and streamline server management, while reducing software rollout risk. Problem Citrix Provisioning Service 5.6 and prior are vulnerable to a remotely exploitable...

7.8AI score
Exploits0
Saint
Saint
•added 2011/06/14 12:0 a.m.•26 views

Quest Big Brother Remote File Overwrite

Added: 06/14/2011 BID: 47805 OSVDB: 72347 Background Quest Big Brother is server monitoring package. Problem The 'bbntd.exe' service of the Big Brother server version 4.40 and prior does not properly sanitize user requests and may allow an attacker to upload files using a directory traversal...

1.4AI score
Exploits0
Saint
Saint
•added 2011/03/28 12:0 a.m.•26 views

Microsoft Office Groove Insecure Library Loading

Added: 03/28/2011 CVE: CVE-2010-3146 BID: 42695 OSVDB: 67484 Background Microsoft Office Groove is a collaboration-based software application that allows teams and organizations to work together regardless of physical or network location. Problem Microsoft Office Groove has a vulnerability due to...

9.3CVSS6.4AI score0.13715EPSS
Exploits5
Saint
Saint
•added 2011/03/21 12:0 a.m.•26 views

EnterpriseDB PostgreSQL Plus Advanced Server DBA Management Server Authentication Bypass

Added: 03/21/2011 BID: 46662 Background Postgres Plus Advanced Server is an enterprise database solution. It includes several productivity tools, such as Migration Studio, Postgres Studio, DBA Management Server, and DBA Monitoring Console. Problem An authentication bypass vulnerability exists in...

0.2AI score
Exploits0
Saint
Saint
•added 2011/02/16 12:0 a.m.•26 views

Ipswitch TFTP Server Directory Traversal

Added: 02/16/2011 BID: 50890 OSVDB: 77455 Background Ipswitch makes software for businesses to manage networks, securely transfer files, and communicate via e-mail. They also provide some free network tools, including a TFTP server. Problem The Ipswitch TFTP Server version 1.0.0.24 has a director...

0.7AI score
Exploits0
Saint
Saint
•added 2011/02/14 12:0 a.m.•26 views

Microsoft Windows Fax Cover Page Editor Double Free Memory Corruption Vulnerability

Added: 02/14/2011 CVE: CVE-2010-4701 BID: 45942 Background The Microsoft Windows Fax Service allows a Windows system to act as a fax server. One of the tools within the Windows Fax Service suite is the Fax Cover Page Editor fxscover.exe, which allows users to create their own customized cover...

7.6CVSS6.6AI score0.47832EPSS
Exploits5
Saint
Saint
•added 2011/01/20 12:0 a.m.•26 views

HP OpenView Network Node Manager nnmRptConfig.exe nameParams text1 Buffer Overflow

Added: 01/20/2011 CVE: CVE-2011-0268 BID: 45762 OSVDB: 70473 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A stack buffer overflow vulnerability allows remote attackers to execute arbitrary commands by requesting the...

10CVSS7.7AI score0.15629EPSS
Exploits4
Saint
Saint
•added 2010/12/22 12:0 a.m.•26 views

SAP Crystal Reports PrintControl.dll ServerResourceVersion buffer overflow

Added: 12/22/2010 CVE: CVE-2010-2590 BID: 45387 OSVDB: 69917 Background SAP Crystal Reports allows developers to design interactive reports from virtually any data source. Problem A buffer overflow vulnerability in the PrintControl.dll ActiveX control allows command execution when a user loads a...

9.3CVSS6.8AI score0.46776EPSS
Exploits9
Saint
Saint
•added 2010/11/19 12:0 a.m.•26 views

Oracle Secure Backup Administration selector parameter command injection

Added: 11/19/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command injection vulnerability allows remote, authenticated attackers to execute arbitrary commands specified in the...

9CVSS7.4AI score0.02243EPSS
Exploits12
Saint
Saint
•added 2010/11/04 12:0 a.m.•26 views

Adobe Shockwave Director rcsL Chunk Remote Code Execution

Added: 11/04/2010 CVE: CVE-2010-3653 BID: 44291 OSVDB: 68803 Background Adobe Shockwave is a multimedia player used to add animation and interactivity to web pages. It allows Adobe Director applications to be published on the Internet and viewed in a web browser on any computer which has the...

9.3CVSS6.9AI score0.74626EPSS
Exploits9
Saint
Saint
•added 2010/09/29 12:0 a.m.•26 views

Oracle Secure Backup Administration property_box.php Other Variable Command Injection

Added: 09/29/2010 CVE: CVE-2010-0899 BID: 41616 OSVDB: 66333 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command injection vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary...

9CVSS7.8AI score0.02243EPSS
Exploits4
Saint
Saint
•added 2010/09/20 12:0 a.m.•26 views

Apple QuickTime QTPlugin.ocx _Marshaled_pUnk Code Execution

Added: 09/20/2010 CVE: CVE-2010-1818 BID: 42841 OSVDB: 67705 Background Apple QuickTime is a media player for Windows and Mac OS platforms. Problem An input validation error in Apple QuickTime 7.6.7 and earlier versions allows remote attackers to execute arbitrary code by enticing the user to ope...

9.3CVSS7.3AI score0.42668EPSS
Exploits9
Saint
Saint
•added 2010/08/23 12:0 a.m.•26 views

ARP Spoof

Added: 08/23/2010 Background The Address Resolution Protocol ARP is used to resolve IP addresses into the hardware addresses which are used for delivering packets on a local network. Problem It is possible to send a computer a forged ARP reply, which is then stored in that computer's cache. This...

6.7AI score
Exploits0
Saint
Saint
•added 2010/01/08 12:0 a.m.•26 views

HP OpenView Application Recovery Manager MSG_PROTOCOL buffer overflow

Added: 01/08/2010 CVE: CVE-2009-3844 BID: 37250 OSVDB: 60852 Background HP OpenView Application Recovery Manager is a backup solution for business application data. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...

10CVSS7.7AI score0.74063EPSS
Exploits10
Saint
Saint
•added 2009/11/06 12:0 a.m.•26 views

Symantec Multiple Products AeXNSConsoleUtilities Buffer Overflow

Added: 11/06/2009 CVE: CVE-2009-3031 BID: 36698 OSVDB: 59597 Background Symantec Altiris Deployment Solution provides tools to deploy software on desktops and servers. Problem A stack buffer overflow vulnerability in the AeXNSConsoleUtilities.dll ActiveX control allows remote attackers to execute...

9.3CVSS7.7AI score0.45435EPSS
Exploits16
Saint
Saint
•added 2009/10/21 12:0 a.m.•26 views

HP LoadRunner XUpload ActiveX control MakeHttpRequest file download

Added: 10/21/2009 CVE: CVE-2009-3693 BID: 36550 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the XUpload.ocx ActiveX control for performing file exchanges. Problem The MakeHttpRequest method in the XUpload.ocx ActiveX control can be used to download...

9.3CVSS6.8AI score0.4158EPSS
Exploits9
Saint
Saint
•added 2009/10/02 12:0 a.m.•26 views

EMC Captiva QuickScan Pro KeyHelp ActiveX Control JumpURL buffer overflow

Added: 10/02/2009 BID: 36546 OSVDB: 58423 Background EMC Captiva QuickScan Pro is a document capture solution. It includes KeyHelp, a free ActiveX control used for enhancing HTML help systems. Problem A buffer overflow vulnerability in the KeyHelp ActiveX Control allows command execution when a...

0.4AI score
Exploits0
Saint
Saint
•added 2009/08/03 12:0 a.m.•26 views

Easy Chat Server Authentication Request Buffer Overflow

Added: 08/03/2009 Background Easy Chat Server is a web-based chat server for Microsoft Windows. Problem The server is vulnerable to a remote buffer-overflow attack which can be triggered by sending a specially crafted password parameter to chat.ghp. Resolution Easy Chat Server 2.2 and earlier are...

7AI score
Exploits0
Saint
Saint
•added 2009/04/20 12:0 a.m.•26 views

Microsoft PowerPoint invalid object reference vulnerability

Added: 04/20/2009 CVE: CVE-2009-0556 BID: 34351 OSVDB: 53182 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem A memory corruption vulnerability in Microsoft PowerPoint allows command execution when an invalid object is referenced...

9.3CVSS6.5AI score0.67539EPSS
Exploits5
Saint
Saint
•added 2009/04/10 12:0 a.m.•26 views

SQL injection

Added: 04/10/2009 Background Structured Query Language SQL is the most common language understood by modern relational databases. Problem A web program uses input parameters within an SQL query in an unsafe manner. This could allow a remote attacker to inject arbitrary SQL commands via a speciall...

0.2AI score
Exploits0
Saint
Saint
•added 2009/02/25 12:0 a.m.•26 views

Oracle 9i Release 2 XDB FTP Pass Overflow

Added: 02/25/2009 CVE: CVE-2003-0727 BID: 8375 OSVDB: 2449 Background Oracle 9i release 2 includes the XDB FTP service which by default listens on port 2100. Problem A buffer overflow vulnerability in the parsing of credentials passed to the server allows remote attackers to execute arbitrary...

2.1CVSS7.5AI score0.68395EPSS
Exploits26
Saint
Saint
•added 2009/02/20 12:0 a.m.•26 views

UltraVNC ClientConnection integer overflow

Added: 02/20/2009 CVE: CVE-2009-0388 BID: 33568 Background UltraVNC is free software for remote desktop access. Problem Multiple integer overflow vulnerabilities in the ClientConnection class allow command execution when a user connects to a VNC server which sends a message with a large length...

10CVSS7AI score0.13334EPSS
Exploits11
Saint
Saint
•added 2009/02/17 12:0 a.m.•26 views

Free Download Manager torrent file parsing buffer overflow

Added: 02/17/2009 CVE: CVE-2009-0184 BID: 33555 Background Free Download Manager is a download accelerator and manager for Windows systems. Problem A buffer overflow vulnerability allows command execution when a user opens a torrent file containing a long file name. Resolution Upgrade to version...

9.3CVSS6.9AI score0.27803EPSS
Exploits12
Saint
Saint
•added 2009/02/17 12:0 a.m.•26 views

Free Download Manager torrent file parsing buffer overflow

Added: 02/17/2009 CVE: CVE-2009-0184 BID: 33555 Background Free Download Manager is a download accelerator and manager for Windows systems. Problem A buffer overflow vulnerability allows command execution when a user opens a torrent file containing a long file name. Resolution Upgrade to version...

9.3CVSS7AI score0.27803EPSS
Exploits12
Saint
Saint
•added 2009/02/04 12:0 a.m.•26 views

Free Download Manager Remote Control Server HTTP Authorization buffer overflow

Added: 02/04/2009 CVE: CVE-2009-0183 BID: 33554 OSVDB: 51745 Background Free Download Manager is a download accelerator and manager for Windows systems. Problem A buffer overflow vulnerability in the Free Download Manager Remote Control Server allows remote attackers to execute arbitrary commands...

10CVSS7.8AI score0.66526EPSS
Exploits13
Saint
Saint
•added 2009/01/28 12:0 a.m.•26 views

Oracle Secure Backup NDMP_CONECT_CLIENT_AUTH buffer overflow

Added: 01/28/2009 CVE: CVE-2008-5444 BID: 33177 OSVDB: 51340 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A buffer overflow vulnerability in Oracle Secure Backup when handling the NDMP protocol allows remote attackers to execute...

10CVSS7.4AI score0.60625EPSS
Exploits7
Saint
Saint
•added 2008/10/30 12:0 a.m.•26 views

Cyrus IMAP pop3d popsubfolders buffer overflow

Added: 10/30/2008 CVE: CVE-2006-2502 BID: 18056 OSVDB: 25853 Background Cyrus IMAP is an open-source IMAP, POP3, and KPOP server. The popsubfolders configuration option allows POP3 users to access subfolders by specifying the subfolder name when logging in. Problem When the popsubfolders...

5.1CVSS7.9AI score0.53333EPSS
Exploits12
Saint
Saint
•added 2008/08/11 12:0 a.m.•26 views

Trend Micro OfficeScan objRemoveCtrl ActiveX buffer overflow

Added: 08/11/2008 CVE: CVE-2008-3364 BID: 30407 OSVDB: 47213 Background Trend Micro OfficeScan is a centralized virus and security scan management system. Problem A buffer overflow in the objRemoveCtrl ActiveX control, which is automatically installed when OfficeScan is installed through the serv...

9.3CVSS7.1AI score0.32811EPSS
Exploits6
Saint
Saint
•added 2008/08/11 12:0 a.m.•26 views

CA ARCserve Backup LGServer handshake buffer overflow

Added: 08/11/2008 CVE: CVE-2008-3175 BID: 30472 OSVDB: 47545 Background BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections. Problem A buffer overflow vulnerability in the LGServer.exe server process...

10CVSS7.8AI score0.144EPSS
Exploits5
Saint
Saint
•added 2008/06/20 12:0 a.m.•26 views

OpenOffice OLE importer DocumentSummaryInformation buffer overflow

Added: 06/20/2008 CVE: CVE-2008-0320 BID: 28819 OSVDB: 44472 Background OpenOffice is a free productivity suite for multiple platforms. OpenOffice includes an importer for Microsoft's Object Linking and Embedding OLE framework. Problem A buffer overflow vulnerability in the OLE importer allows...

9.3CVSS7.8AI score0.57015EPSS
Exploits10
Total number of security vulnerabilities4305