Lucene search
K
SaintMost viewed

4305 matches found

Saint
Saint
•added 2007/05/11 12:0 a.m.•25 views

McAfee ePolicy Orchestrator SiteManager ExportSiteList buffer overflow

Added: 05/11/2007 CVE: CVE-2007-1498 BID: 22952 OSVDB: 33796 Background ePolicy Orchestrator is a centralized security configuration and monitoring application. It includes the SiteManager ActiveX control which is implemented by sitemanager.dll. Problem A buffer overflow vulnerability in the...

9.3CVSS6.9AI score0.07729EPSS
Exploits8
Saint
Saint
•added 2007/05/11 12:0 a.m.•25 views

McAfee ePolicy Orchestrator SiteManager ExportSiteList buffer overflow

Added: 05/11/2007 CVE: CVE-2007-1498 BID: 22952 OSVDB: 33796 Background ePolicy Orchestrator is a centralized security configuration and monitoring application. It includes the SiteManager ActiveX control which is implemented by sitemanager.dll. Problem A buffer overflow vulnerability in the...

9.3CVSS6.9AI score0.07729EPSS
Exploits8
Saint
Saint
•added 2007/03/30 12:0 a.m.•25 views

System V login argument array buffer overflow

Added: 03/30/2007 CVE: CVE-2001-0797 BID: 3681 OSVDB: 690 Background The login program is used by various applications for authentication to the system. Problem The login program dervied from System V is affected by a buffer overflow vulnerability when processing a long argument array. A remote...

10CVSS7.7AI score0.88836EPSS
Exploits27
Saint
Saint
•added 2007/02/02 12:0 a.m.•25 views

BrightStor ARCserve LGServer buffer overflow

Added: 02/02/2007 CVE: CVE-2007-0449 BID: 22342 OSVDB: 31593 Background BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections. Problem A buffer overflow vulnerability in BrightStor ARCserve Backup for...

10CVSS7.8AI score0.7924EPSS
Exploits7
Saint
Saint
•added 2006/12/18 12:0 a.m.•25 views

Oracle MD2 component SDO_CODE_SIZE buffer overflow

Added: 12/18/2006 CVE: CVE-2004-1774 BID: 10871 OSVDB: 9867 Background Oracle Database is a relational database solution available for multiple platforms. Problem A buffer overflow in the SDOCODESIZE function in the MD2 component of Oracle Database allows remote attackers to execute arbitrary...

7.2CVSS9.8AI score0.02672EPSS
Exploits5
Saint
Saint
•added 2006/12/08 12:0 a.m.•25 views

3Com TFTP server Transporting Mode buffer overflow

Added: 12/08/2006 CVE: CVE-2006-6183 BID: 21301 OSVDB: 30758 Background 3CTftpSvc by 3Com is a freeware implementation of the TFTP protocol for Windows. Problem A buffer overflow vulnerability in the 3Com TFTP server allows remote attackers to execute arbitrary commands by sending a long, special...

10CVSS7.7AI score0.7057EPSS
Exploits12
Saint
Saint
•added 2006/11/07 12:0 a.m.•25 views

Oracle Security Component sys.pbsde buffer overflow

Added: 11/07/2006 CVE: CVE-2005-3438 BID: 15134 OSVDB: 20612 Background pbsde is a package of stored procedures which is part of the base installation of Oracle Database. Problem A buffer overflow in the sys.pbsde.init procedure allows database users to execute arbitrary commands. Resolution Appl...

10CVSS7.3AI score0.05866EPSS
Exploits5
Saint
Saint
•added 2006/10/12 12:0 a.m.•25 views

Microsoft PowerPoint NamedShows record code execution

Added: 10/12/2006 CVE: CVE-2006-4694 BID: 20226 OSVDB: 29259 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem Improper handling of malformed NamedShows records in PowerPoint files allows command execution. Resolution Apply the patch...

9.3CVSS6.4AI score0.12458EPSS
Exploits4
Saint
Saint
•added 2006/10/06 12:0 a.m.•25 views

McAfee HTTP header processing buffer overflow

Added: 10/06/2006 CVE: CVE-2006-5156 BID: 20288 OSVDB: 29421 Background McAfee ePolicy Orchestrator and Protection Pilot are centralized security management products. These products include an HTTP server implemented by the NAISERV.exe program. Problem A buffer overflow vulnerability in the McAfe...

10CVSS7.8AI score0.72228EPSS
Exploits8
Saint
Saint
•added 2006/10/06 12:0 a.m.•25 views

McAfee HTTP header processing buffer overflow

Added: 10/06/2006 CVE: CVE-2006-5156 BID: 20288 OSVDB: 29421 Background McAfee ePolicy Orchestrator and Protection Pilot are centralized security management products. These products include an HTTP server implemented by the NAISERV.exe program. Problem A buffer overflow vulnerability in the McAfe...

10CVSS7.8AI score0.72228EPSS
Exploits8
Saint
Saint
•added 2006/09/29 12:0 a.m.•25 views

IMail SMTP RCPT TO buffer overflow

Added: 09/29/2006 CVE: CVE-2006-4379 BID: 19885 OSVDB: 28576 Background IMail is an e-mail server for Windows platforms. Problem A buffer overflow vulnerability in the SMTP daemon allows remote command execution by sending a RCPT TO argument containing a long string between @ and : characters...

7.5CVSS7.1AI score0.60041EPSS
Exploits8
Saint
Saint
•added 2006/09/29 12:0 a.m.•25 views

Internet Explorer WebViewFolderIcon setSlice integer overflow

Added: 09/29/2006 CVE: CVE-2006-3730 BID: 19030 OSVDB: 27110 Background The WebViewFolderIcon ActiveX control provides support for icons in the Windows Explorer Web view. Problem An integer overflow vulnerability in the setSlice method in the WebViewFolderIcon ActiveX control allows remote comman...

9.3CVSS6.8AI score0.63817EPSS
Exploits9
Saint
Saint
•added 2006/09/20 12:0 a.m.•25 views

Internet Explorer VML rect fill buffer overflow

Added: 09/20/2006 CVE: CVE-2006-4868 BID: 20096 OSVDB: 28946 Background Vector Markup Language VML is an XML-based format for vector graphics. Problem A buffer overflow in Internet Explorer when processing VML code allows remote command execution using a long fill parameter within a rect tag...

9.3CVSS7.2AI score0.62149EPSS
Exploits7
Saint
Saint
•added 2006/09/18 12:0 a.m.•25 views

MDaemon WorldClient form2raw.cgi From buffer overflow

Added: 09/18/2006 CVE: CVE-2003-1200 BID: 9317 OSVDB: 3255 Background MDaemon is an e-mail server product for Windows. It includes a web mail component called WorldClient. Problem A buffer overflow in MDaemon WorldClient allows remote command execution by sending a web request for the form2raw.cg...

7.5CVSS7.2AI score0.65097EPSS
Exploits8
Saint
Saint
•added 2006/09/08 12:0 a.m.•25 views

TikiWiki file upload vulnerability (jhot.php)

Added: 09/08/2006 CVE: CVE-2006-4602 BID: 19819 OSVDB: 28456 Background TikiWiki is a multi-purpose web content management system written in PHP. Problem The jhot.php script allows remote attackers to upload arbitrary PHP commands into the img/wiki directory. The commands can then be executed by...

7.5CVSS6.8AI score0.42596EPSS
Exploits8
Saint
Saint
•added 2006/04/06 12:0 a.m.•25 views

TWiki revision control shell command injection

Added: 04/06/2006 CVE: CVE-2005-2877 BID: 14834 OSVDB: 19403 Background TWiki is a web-based collaboration platform written in PERL. Problem The revision control function in TWiki does not sufficiently check the rev parameter before using it in a shell command call. This allows remote attackers t...

7.5CVSS7.4AI score0.71104EPSS
Exploits8
Saint
Saint
•added 2006/03/28 12:0 a.m.•25 views

Internet Explorer createTextRange memory corruption

Added: 03/28/2006 CVE: CVE-2006-1359 BID: 17196 OSVDB: 24050 Background The createTextRange dynamic HTML method creates a text range object for an HTML element. Problem A flaw in the handling of unexpected createTextRange method calls by certain HTML objects could result in command execution...

9.3CVSS6AI score0.68068EPSS
Exploits11
Saint
Saint
•added 2006/03/24 12:0 a.m.•25 views

BakBone NetVault remote heap overflow

Added: 03/24/2006 CVE: CVE-2005-1009 BID: 12967 OSVDB: 15234 Background BakBone NetVault is a distributed data backup and restore solution for UNIX and Windows networks. Problem A heap overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...

10CVSS7.7AI score0.57017EPSS
Exploits8
Saint
Saint
•added 2006/03/13 12:0 a.m.•25 views

phpRPC decode function command execution

Added: 03/13/2006 CVE: CVE-2006-1032 BID: 16833 OSVDB: 23514 Background phpRPC is an xmlrpc library written in PHP supporting most databases. Problem A vulnerability in the decode function allows a remote attacker to execute arbitrary PHP commands placed inside a tag. Resolution phpRPC is no long...

7.5CVSS7.4AI score0.03484EPSS
Exploits6
Saint
Saint
•added 2005/12/22 12:0 a.m.•25 views

MySQL MaxDB WebTools special character buffer overflow

Added: 12/22/2005 CVE: CVE-2005-0684 BID: 13368 OSVDB: 15816 Background MaxDB is a SAP-certified open-source database developed by MySQL. The WebTools component offers a set of database tools which are accessible from a web browser. The wahttp program listens on port 9999 and processes HTTP...

10CVSS7AI score0.68504EPSS
Exploits7
Saint
Saint
•added 2005/11/30 12:0 a.m.•26 views

NetMail IMAP buffer overflow

Added: 11/30/2005 CVE: CVE-2005-3314 BID: 15491 OSVDB: 20956 Background Novell NetMail is an e-mail and calendaring server application. Problem A buffer overflow in the NetMail IMAP service could allow authenticated users to execute arbitrary commands using a long, specially crafted argument to...

7.5CVSS7.4AI score0.65657EPSS
Exploits7
Saint
Saint
•added 2005/11/30 12:0 a.m.•25 views

Oracle Enterprise Manager Agent buffer overflow

Added: 11/30/2005 CVE: CVE-2005-3460 BID: 15146 OSVDB: 20664 Background Oracle Application Server 10g includes the emagent.exe program which listens for connections on port 1830/TCP by default. Problem A buffer overflow vulnerability in emagent.exe could allow a remote attacker to execute arbitra...

10CVSS7.5AI score0.04145EPSS
Exploits4
Saint
Saint
•added 2005/11/29 12:0 a.m.•25 views

MailEnable IMAP STATUS buffer overflow

Added: 11/29/2005 CVE: CVE-2005-2278 BID: 14243 OSVDB: 17844 Background MailEnable is a mail server for Windows platforms. The standard edition supports the SMTP and POP3 protocols. MailEnable Professional and MailEnable Enterprise also support IMAP and HTTPMail. Problem A buffer overflow in the...

7.2CVSS7.4AI score0.8464EPSS
Exploits8
Saint
Saint
•added 2005/11/04 12:0 a.m.•25 views

Sybase EAServer WebConsole buffer overflow

Added: 11/04/2005 CVE: CVE-2005-2297 BID: 14287 OSVDB: 17995 Background Sybase EAServer is a web application server. Problem A buffer overflow in the Sybase EAServer WebConsole allows a remote attcker to execute arbitrary commands by requesting /WebConsole/Login.jsp with a long query string...

4.6CVSS7.8AI score0.74202EPSS
Exploits6
Saint
Saint
•added 2019/07/26 12:0 a.m.•24 views

Citrix SD-WAN Appliance SQL and command injection

Added: 07/26/2019 Background Citrix Software-defined wide-area network SD-WAN is a service that grants the enterprise with the ability to dynamically connect branch offices and data centers on a global scale. Problem Citrix SD-WAN 10.1.x and 10.2.x before 10.2.3 allow unauthenticated SQL injectio...

8.6AI score
Exploits0
Saint
Saint
•added 2018/01/09 12:0 a.m.•24 views

Oracle WebLogic Server WLS Security Component Deserialization Vulnerability

Added: 01/09/2018 BID: 101304 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem Oracle WebLogic Server has a vulnerability in the WLS Security wls-wsat component that could allow an unauthenticated remote attacker who has HTTP access to the...

7.6AI score
Exploits0
Saint
Saint
•added 2014/07/02 12:0 a.m.•24 views

Easy File Management Web Server UserID Cookie Handling Buffer Overflow

Added: 07/02/2014 BID: 67542 OSVDB: 107241 Background Easy File Management Web Server is a Microsoft Windows based file management application that allows remote users to upload and download files through a web browser. It also supports online editing of Word, Excel, PowerPoint and PDF documents ...

0.7AI score
Exploits0
Saint
Saint
•added 2014/03/06 12:0 a.m.•24 views

Eudora WorldMail IMAPd UID Command Buffer Overflow Vulnerability

Added: 03/06/2014 BID: 65650 OSVDB: 104071 Background Eudora WorldMail is an e-mail server for Windows. Problem Eudora WorldMail version 9.0.333.0 and probably earlier IMAPd service is vulnerable to buffer overflow as a result of improper validation of user-supplied input when handling UID...

0.9AI score
Exploits0
Saint
Saint
•added 2013/07/18 12:0 a.m.•24 views

Novell ZENworks Mobile Management DUSAP.php Language Parameter Vulnerability

Added: 07/18/2013 CVE: CVE-2013-1082 BID: 60179 OSVDB: 91118 Background ZENworks Mobile Management ZMM offers centralized management tools that are useful for deploying new mobile devices in the workforce, whether those devices are company-issued or privately owned. ZMM ensures that users have th...

7.5CVSS7.3AI score0.12767EPSS
Exploits5
Saint
Saint
•added 2013/01/12 12:0 a.m.•24 views

Foxit Reader Plugin for Firefox URL Filename Stack Buffer Overflow

Added: 01/12/2013 BID: 57174 OSVDB: 89030 Background Foxit Reader is a free PDF reader for Microsoft Windows systems. Problem Foxit Reader plugin for Firefox npFoxitReaderPlugin.dll is vulnerable to remote code execution as a result of failure to check boundary conditions when processing a URL...

Exploits0
Saint
Saint
•added 2012/10/12 12:0 a.m.•24 views

HP Diagnostics magentservice.exe Malformed Packet Parsing Vulnerability

Added: 10/12/2012 BID: 55159 OSVDB: 84855 Background HP Diagnostics software monitors application transaction health in traditional, virtualized and cloud environments. Problem HP Diagnostics Server has a buffer overflow vulnerability in the magentservice.exe process that could allow...

8.3AI score
Exploits0
Saint
Saint
•added 2012/10/09 12:0 a.m.•24 views

HP Application Lifecycle Management ActiveX Control Arbitrary File Overwrite

Added: 10/09/2012 BID: 55272 OSVDB: 85059 Background HP Application Lifecycle Management ALM is a software product designed to manage the application lifecycle from requirements through readiness for delivery from a single repository, providing a consistent user experience and customizable...

7.6AI score
Exploits0
Saint
Saint
•added 2012/08/29 12:0 a.m.•24 views

SAP NetWeaver SAPHostControl Command Injection

Added: 08/29/2012 BID: 55084 OSVDB: 84821 Background SAP NetWeaver is a technology platform for building and integrating SAP business applications. Problem The NetWeaver management console exposes an authenticated SOAP web service interface. During the authentication phase, user-supplied values...

0.5AI score
Exploits0
Saint
Saint
•added 2012/08/20 12:0 a.m.•24 views

HP Operations Agent Opcode 0x8c vulnerability

Added: 08/20/2012 CVE: CVE-2012-2020 BID: 54362 OSVDB: 83674 Background HP Operations Agents is a fault and performance monitoring solution for servers. Problem A buffer overflow vulnerability in the coda.exe process, which listens on a random TCP port, could allow remote attackers to execute...

10CVSS7.8AI score0.64685EPSS
Exploits8
Saint
Saint
•added 2012/05/04 12:0 a.m.•24 views

McAfee Virtual Technician MVT.MVTControl ActiveX Control Insecure Method

Added: 05/04/2012 BID: 53304 Background McAfee Virtual Technician is a free automated diagnosis and and problem resolution tool which scans a Windows system to ensure that McAfee products are installed correctly. Problem McAfee Virtual Technician ActiveX control MVT.dll, as provided in McAfee...

8AI score
Exploits0
Saint
Saint
•added 2012/04/13 12:0 a.m.•24 views

Tivoli Provisioning Manager Express ActiveX RunAndUploadFile vulnerability

Added: 04/13/2012 CVE: CVE-2012-0198 BID: 52252 OSVDB: 79735 Background Tivoli Provisioning Manager Express for Software Distribution is a software inventory and distribution solution. Problem A buffer overflow vulnerability in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control...

9.3CVSS7AI score0.37437EPSS
Exploits6
Saint
Saint
•added 2011/12/12 12:0 a.m.•24 views

BroadWin WebAccess SCADA Client ActiveX Format String

Added: 12/12/2011 OSVDB: 74897 Background BroadWin WebAccess is a web-based SCADA reporting and control solution. Problem BroadWin WebAccess installs an ActiveX Control in the user's browser. The OcxSpool function of this control accepts a parameter that is evaluated using a format string. A form...

7.3AI score
Exploits0
Saint
Saint
•added 2011/07/14 12:0 a.m.•24 views

Get OS X 10.7 Hashes

Added: 07/14/2011 Background This tool attempts to retrieve the SHA 512 password hashes stored by OS X Lion 10.7.x Acounts are enumerated using dscl . list /Users/ and password hashes are eunmerated using dscl . read /Users/ Limitations A connection to the target is required to run this tool. The...

0.6AI score
Exploits0
Saint
Saint
•added 2011/07/08 12:0 a.m.•24 views

Citrix Provisioning Services OpCode 40020010 Stack Overflow

Added: 07/08/2011 BID: 45914 OSVDB: 70597 Background Citrix Provisioning Services dynamically provisions virtual servers to simplify and streamline server management, while reducing software rollout risk. Problem Citrix Provisioning Service 5.6 and prior are vulnerable to a remotely exploitable...

7.8AI score
Exploits0
Saint
Saint
•added 2011/06/03 12:0 a.m.•24 views

McAfee Firewall Reporter isValidClient Authentication Bypass

Added: 06/03/2011 BID: 47306 OSVDB: 71842 Background McAfee Firewall Reporter is an enterprise-class security event management SEM reporting solution. Problem McAfee Firewall Reporter versions 5.1.0.6 through 5.1.0.12 are vulnerable to an authentication bypass that may allow remote attackers to...

8.1AI score
Exploits0
Saint
Saint
•added 2011/02/03 12:0 a.m.•24 views

Symantec Alert Management System PIN number buffer overflow

Added: 02/03/2011 CVE: CVE-2010-0110 BID: 45936 Background The Symantec Alert Management System 2 AMS2 is used by multiple Symantec products. It includes an Intel Alert Handler service hndlrsvc.exe. This service handles messages forwarded to it by the Alert Originator Manager, which listens on po...

7.9CVSS7.7AI score0.0513EPSS
Exploits12
Saint
Saint
•added 2010/12/10 12:0 a.m.•24 views

HP Data Protector Manager MMD Service Stack Buffer Overflow

Added: 12/10/2010 BID: 45128 Background HP Data Protector is a backup solution for enterprise and distributed environments. The Data Protector environment consists of a Cell Manager, backup agents, and backup device servers. The Cell Manager is the central point from which backup agents and devic...

7.7AI score
Exploits0
Saint
Saint
•added 2010/11/22 12:0 a.m.•24 views

Foxit Reader Crafted PDF Title Handling Stack Buffer Overflow

Added: 11/22/2010 OSVDB: 68648 Background Foxit Reader is a free PDF reader for Microsoft Windows systems. Problem Foxit Reader for Windows is vulnerable to a stack buffer overflow which could allow execution of arbitrary code. A remote attacker can exploit this vulnerability by enticing a user t...

0.6AI score
Exploits0
Saint
Saint
•added 2010/09/29 12:0 a.m.•24 views

Oracle Secure Backup Administration property_box.php Other Variable Command Injection

Added: 09/29/2010 CVE: CVE-2010-0899 BID: 41616 OSVDB: 66333 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command injection vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary...

9CVSS7.8AI score0.02243EPSS
Exploits4
Saint
Saint
•added 2010/06/23 12:0 a.m.•24 views

HP OpenView Network Node Manager ovwebsnmpsrv.exe buffer overflow via jovgraph.exe

Added: 06/23/2010 CVE: CVE-2009-4181 BID: 37261 OSVDB: 60932 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow vulnerability in ovwebsnmpsrv.exe allows remote attackers to execute arbitrary commands by sending...

10CVSS7.8AI score0.1086EPSS
Exploits5
Saint
Saint
•added 2010/04/30 12:0 a.m.•24 views

Microsoft Publisher File Conversion Textbox buffer overflow

Added: 04/30/2010 CVE: CVE-2010-0479 BID: 39347 OSVDB: 63748 Background Microsoft Office Publisher, part of the Microsoft Office suite, is a product for creating publications and marketing materials. Problem A buffer overflow vulnerability allows command execution when a user loads a Publisher 97...

9.3CVSS6.7AI score0.23415EPSS
Exploits5
Saint
Saint
•added 2009/11/08 12:0 a.m.•24 views

Serv-U Web Client session cookie handling buffer overflow

Added: 11/08/2009 BID: 36895 OSVDB: 59772 Background Serv-U is an FTP server for Windows platforms. The Serv-U Web Client component provides a browser-based interface to Serv-U. Problem A buffer overflow in the Serv-U Web Client allows remote attackers to execute arbitrary code when overly long...

2.1AI score
Exploits0
Saint
Saint
•added 2009/10/16 12:0 a.m.•24 views

IBM Installation Manager iim URI Handling Code Execution

Added: 10/16/2009 CVE: CVE-2009-3518 BID: 36549 OSVDB: 58420 Background IBM Installation Manager IIM is a software tool that helps to install, update, modify, and uninstall packages. Problem When IIM is installed it registers the application IBMIM.exe as the iim:// scheme handler, so when an iim:...

9.3CVSS6.7AI score0.05477EPSS
Exploits5
Saint
Saint
•added 2009/10/13 12:0 a.m.•24 views

Google Apps googleapps.url.mailto handler command injection

Added: 10/13/2009 BID: 36581 Background Google Apps is a web-based productivity suite hosted by Google. Problem Google Apps handles googleapps.url.mailto URLs by passing the URL as a command-line argument to the googleapps.exe program without sufficiently validating the URL. This allows command...

7.2AI score
Exploits0
Saint
Saint
•added 2009/10/02 12:0 a.m.•24 views

EMC Captiva QuickScan Pro KeyHelp ActiveX Control JumpURL buffer overflow

Added: 10/02/2009 BID: 36546 OSVDB: 58423 Background EMC Captiva QuickScan Pro is a document capture solution. It includes KeyHelp, a free ActiveX control used for enhancing HTML help systems. Problem A buffer overflow vulnerability in the KeyHelp ActiveX Control allows command execution when a...

7.7AI score
Exploits0
Total number of security vulnerabilities4305