Lucene search
K
SaintMost viewed

4305 matches found

Saint
Saint
•added 2006/02/16 12:0 a.m.•24 views

Windows Media Player plugin EMBED buffer overflow

Added: 02/16/2006 CVE: CVE-2006-0005 BID: 16644 OSVDB: 23132 Background The Windows Media Player plug-in allows the processing of embedded media from inside other applications, such as web browsers. Problem A buffer overflow in the Windows Media Player plug-in allows remote command execution when...

9.3CVSS7AI score0.43861EPSS
Exploits8
Saint
Saint
•added 2006/01/24 12:0 a.m.•24 views

Arkeia Type 77 Request buffer overflow

Added: 01/24/2006 CVE: CVE-2005-0491 BID: 12594 OSVDB: 14011 Background The Arkeia network backup software includes a daemon program called arkeiad which listens for connections on TCP port 617. Problem A buffer overflow in the processing of type 77 requests sent to the arkeiad listener allows...

10CVSS7.3AI score0.64901EPSS
Exploits13
Saint
Saint
•added 2006/01/09 12:0 a.m.•24 views

sadmind AUTH_SYS authentication vulnerability

Added: 01/09/2006 CVE: CVE-2003-0722 BID: 8615 OSVDB: 4585 Background sadmind is a service which coordinates distributed system administration operations remotely. The Sun Solstice AdminSuite runs sadmind with the AUTHSYS authentication method by default. Problem The sadmind running with the...

10CVSS7.4AI score0.85678EPSS
Exploits9
Saint
Saint
•added 2005/12/01 12:0 a.m.•24 views

Internet Explorer onload window vulnerability

Added: 12/01/2005 CVE: CVE-2005-1790 BID: 13799 OSVDB: 17094 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Internet Explorer fails to properly initialize the window function when called from an onLoad event in a body tag. This...

2.6CVSS6.2AI score0.83472EPSS
Exploits9
Saint
Saint
•added 2005/11/30 12:0 a.m.•24 views

RSA SecurID Web Agent for IIS redirect buffer overflow

Added: 11/30/2005 CVE: CVE-2005-4734 BID: 26424 OSVDB: 20151 Background RSA SecurID Web Agent for IIS provides access control for IIS web servers using one-time authentication tokens. Problem A buffer overflow in IISWebAgentIF.dll could allow a remote attacker to execute arbitrary commands using ...

6.4CVSS7.9AI score0.54485EPSS
Exploits8
Saint
Saint
•added 2005/11/25 12:0 a.m.•24 views

Internet Explorer inline content filename extension vulnerability

Added: 11/25/2005 CVE: CVE-2001-0727 BID: 3578 OSVDB: 3033 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Using a null byte %00 in the filename field found in the Content-disposition header, a remote web server may be able to...

7.5CVSS7.7AI score0.31007EPSS
Exploits4
Saint
Saint
•added 2026/05/07 12:0 a.m.•23 views

MetInfo weixinreply command injection

Added: 05/07/2026 Background MetInfo is an open-source content management system CMS written in PHP and MySQL developed in China. Problem A vulnerability in the weixinreply class allows remote attackers to execute arbitrary commands by sending an API request with specially crafted EventKey and...

6.1AI score
Exploits0
Saint
Saint
•added 2016/07/14 12:0 a.m.•23 views

TikiWiki elfinder file upload

Added: 07/14/2016 Background TikiWiki is a multi-purpose web content management system written in PHP. Problem The third-party elfinder component allows unauthenticated users to upload arbitrary files, which can then be executed using a simple HTTP request. Resolution Upgrade to TikiWiki 12.9,...

7.6AI score
Exploits0
Saint
Saint
•added 2016/02/29 12:0 a.m.•23 views

Centreon web interface command injection

Added: 02/29/2016 Background Centreon is a suite of enterprise monitoring products written in PHP. Problem A command injection vulnerability in the Centreon web interface allows remote attackers to execute arbitrary commands by sending a specially crafted useralias parameter in a POST request. Th...

8.7AI score
Exploits0
Saint
Saint
•added 2016/01/08 12:0 a.m.•23 views

Easy File Sharing Web Server HEAD HTTP request vulnerability

Added: 01/08/2016 Background Easy File Sharing Web Server is software that allows users to upload/download files to a server easily through a web browser, as well as providing a bulletin board system forum. Problem Easy File Sharing Web Server is vulnerable to a stack buffer overflow condition as...

8.3AI score
Exploits0
Saint
Saint
•added 2015/12/28 12:0 a.m.•23 views

FireEye MPS JAR analyzer command execution

Added: 12/28/2015 BID: 78809 Background The FireEye Malware Protection System MPS detects and eliminates malware found on file shares, web downloads, and e-mail. Problem A vulnerability in the Java Archive analysis tool could allow command execution when the tool analyzes a specially crafted JAR...

7.6AI score
Exploits0
Saint
Saint
•added 2014/12/31 12:0 a.m.•23 views

Liferay Portal Apache Felix command injection

Added: 12/31/2014 OSVDB: 116510 Background Liferay Portal is an enterprise web platform for building business solutions. Apache Felix is an implementation of the OSGi Framework and Service platform. Problem Liferay Portal is affected by a vulnerability which could allow remote attackers to execut...

8.3AI score
Exploits0
Saint
Saint
•added 2014/04/28 12:0 a.m.•23 views

WinRAR ZIP File Handling Filename Spoofing Vulnerability

Added: 04/28/2014 BID: 66383 OSVDB: 62610 Background WinRAR is a shareware file archiver and data compression utility which runs on Microsoft Windows. It can create archives in ZIP format, as well as its own proprietary RAR format, and unpack a variety of other archive types. Problem WinRAR 4.x i...

8.2AI score
Exploits0
Saint
Saint
•added 2013/06/03 12:0 a.m.•23 views

SAP NetWeaver SOAP RFC SXPG_CALL_SYSTEM Command Execution

Added: 06/03/2013 OSVDB: 93537 Background SAP NetWeaver is a technology platform for building and integrating SAP business applications. Remote Function Call RFC is the standard SAP interface for communication between SAP systems. Transaction SM69 is used to create and maintain external operating...

0.2AI score
Exploits0
Saint
Saint
•added 2013/06/03 12:0 a.m.•23 views

SAP NetWeaver SOAP RFC SXPG_CALL_SYSTEM Command Execution

Added: 06/03/2013 OSVDB: 93537 Background SAP NetWeaver is a technology platform for building and integrating SAP business applications. Remote Function Call RFC is the standard SAP interface for communication between SAP systems. Transaction SM69 is used to create and maintain external operating...

0.2AI score
Exploits0
Saint
Saint
•added 2013/04/12 12:0 a.m.•23 views

ActFax RAW Server Stack Buffer Overflow

Added: 04/12/2013 BID: 57789 OSVDB: 89944 Background ActFax is a Windows-based software package that sends, receives and electronically stores faxes. Problem The ActFax RAW server is vulnerable to a boundary error when processing the @F000 data field, which could result in stack-based buffer...

1.3AI score
Exploits0
Saint
Saint
•added 2013/02/22 12:0 a.m.•23 views

BigAnt Server SCH and DUPF Stack Overflow

Added: 02/22/2013 CVE: CVE-2012-6275 BID: 57214 OSVDB: 89344 Background BigAnt Messenger Server offers secure instant messaging, file transfer, voip, video chat, web conferencing and more. Problem BigAnt Server versions 2.97 SP7 and prior are vulnerable to a stack overflow condition due to improp...

10CVSS6.8AI score0.46498EPSS
Exploits8
Saint
Saint
•added 2013/01/23 12:0 a.m.•23 views

Nagios XI Graph Explorer Component OS Command Injection Vulnerability

Added: 01/23/2013 BID: 54263 OSVDB: 83552 Background Nagios XI is a network host and service monitoring and management system. Problem Nagios XI Graph Explorer Component is vulnerable to arbitrary command execution by authenticated users. The vulnerability is due to the visApi.php script not...

0.1AI score
Exploits0
Saint
Saint
•added 2013/01/12 12:0 a.m.•23 views

Foxit Reader Plugin for Firefox URL Filename Stack Buffer Overflow

Added: 01/12/2013 BID: 57174 OSVDB: 89030 Background Foxit Reader is a free PDF reader for Microsoft Windows systems. Problem Foxit Reader plugin for Firefox npFoxitReaderPlugin.dll is vulnerable to remote code execution as a result of failure to check boundary conditions when processing a URL...

Exploits0
Saint
Saint
•added 2012/10/22 12:0 a.m.•23 views

HP SiteScope SOAP Call APIPreferenceImpl Security Bypass

Added: 10/22/2012 CVE: CVE-2012-3261 BID: 55269 OSVDB: 85796 Background HP SiteScope is an agentless software application used to monitor the availability and performance of distributed IT infrastructures including servers, operating systems, network and Internet services, applications and...

10CVSS7.1AI score0.40225EPSS
Exploits5
Saint
Saint
•added 2012/08/20 12:0 a.m.•23 views

HP Operations Agent Opcode 0x8c vulnerability

Added: 08/20/2012 CVE: CVE-2012-2020 BID: 54362 OSVDB: 83674 Background HP Operations Agents is a fault and performance monitoring solution for servers. Problem A buffer overflow vulnerability in the coda.exe process, which listens on a random TCP port, could allow remote attackers to execute...

10CVSS7.8AI score0.64685EPSS
Exploits8
Saint
Saint
•added 2012/08/17 12:0 a.m.•23 views

Oracle Business Transaction Management FlashTunnelService WriteToFile Vulnerability

Added: 08/17/2012 BID: 54839 Background Oracle Business Transaction Management BTM is a component of several Oracle Enterprise Manager Management Packs, including WebLogic Server Management Pack Enterprise Edition. Oracle BTM provides capability in three key areas: transaction visibility,...

8.1AI score
Exploits0
Saint
Saint
•added 2012/05/04 12:0 a.m.•23 views

McAfee Virtual Technician MVT.MVTControl ActiveX Control Insecure Method

Added: 05/04/2012 BID: 53304 Background McAfee Virtual Technician is a free automated diagnosis and and problem resolution tool which scans a Windows system to ensure that McAfee products are installed correctly. Problem McAfee Virtual Technician ActiveX control MVT.dll, as provided in McAfee...

8AI score
Exploits0
Saint
Saint
•added 2012/02/22 12:0 a.m.•23 views

Sunway ForceControl SNMP NetDBServer Data Chunk Copy Buffer Overflow

Added: 02/22/2012 BID: 49747 OSVDB: 75798 Background Sunway ForceControl is a Chinese SCADA/HMI software application widely used in China to help run weapons systems, utilities and chemical plants. It is also used to a lesser extent in other countries, including the US. SNMP NetDBServer is one of...

7.7AI score
Exploits0
Saint
Saint
•added 2012/01/20 12:0 a.m.•23 views

Citrix Provisioning Services Opcode 40020006 Integer Underflow

Added: 01/20/2012 BID: 49803 Background Citrix Provisioning Services dynamically provisions virtual servers to simplify and streamline server management, while reducing software rollout risk. Problem Citrix Provisioning Services 5.6 SP1 and prior are vulnerable to a remotely exploitable integer...

8.1AI score
Exploits0
Saint
Saint
•added 2011/12/12 12:0 a.m.•23 views

BroadWin WebAccess SCADA Client ActiveX Format String

Added: 12/12/2011 OSVDB: 74897 Background BroadWin WebAccess is a web-based SCADA reporting and control solution. Problem BroadWin WebAccess installs an ActiveX Control in the user's browser. The OcxSpool function of this control accepts a parameter that is evaluated using a format string. A form...

7.4AI score
Exploits0
Saint
Saint
•added 2011/09/26 12:0 a.m.•23 views

Freefloat FTPD Invalid Command Overflow

Added: 09/26/2011 BID: 48704 Background Freefloat is a software series developed directly for handheld terminals. Freefloat FTP Server is a free FTP server for various versions of Windows including Windows CE/Pocket PC. Problem Freefloat FTP Server is vulnerable to a stack overflow as a result of...

7.8AI score
Exploits0
Saint
Saint
•added 2011/04/08 12:0 a.m.•23 views

Zend Server Java Bridge Remote Code Execution

Added: 04/08/2011 BID: 47060 OSVDB: 71420 Background Zend Server is an enterprise web application server for hosting PHP applications. Problem The Zend Server Java Bridge allows PHP applications to execute methods in Java classes. The Java Bridge does not validate that requests to execute Java co...

7.5AI score
Exploits0
Saint
Saint
•added 2011/03/18 12:0 a.m.•23 views

AOL Desktop .rtx File Buffer Overflow

Added: 03/18/2011 BID: 46129 OSVDB: 70741 Background AOL Desktop is an internet suite that integrates a web browser, media player, and IM client. Problem A heap overflow vulnerability exists in the Rich Text file parser of AOL Desktop 9.x. In documents with HTML links, the parser does not properl...

1AI score
Exploits0
Saint
Saint
•added 2011/03/17 12:0 a.m.•23 views

Cisco Security Agent Management Center Code Execution

Added: 03/17/2011 CVE: CVE-2011-0364 BID: 65436 OSVDB: 70884 Background Cisco Security Agent Management Center is the server component of Cisco's Security Agent endpoint IPS solution. It is responsible for collecting event log information from endpoints and distributing rules updates. Problem The...

10CVSS6.2AI score0.19617EPSS
Exploits9
Saint
Saint
•added 2011/03/14 12:0 a.m.•23 views

Microsoft Remote Desktop Connection Insecure Library Injection

Added: 03/14/2011 CVE: CVE-2011-0029 BID: 46678 OSVDB: 71014 Background The Windows Remote Desktop allows desktop access to one Windows computer from another Windows computer. Problem A library loading vulnerability in the Remote Desktop Client allows arbitrary command execution when a user opens...

9.3CVSS6.7AI score0.0716EPSS
Exploits4
Saint
Saint
•added 2011/02/16 12:0 a.m.•23 views

Ipswitch TFTP Server Directory Traversal

Added: 02/16/2011 BID: 50890 OSVDB: 77455 Background Ipswitch makes software for businesses to manage networks, securely transfer files, and communicate via e-mail. They also provide some free network tools, including a TFTP server. Problem The Ipswitch TFTP Server version 1.0.0.24 has a director...

0.7AI score
Exploits0
Saint
Saint
•added 2010/11/04 12:0 a.m.•23 views

Adobe Shockwave Director rcsL Chunk Remote Code Execution

Added: 11/04/2010 CVE: CVE-2010-3653 BID: 44291 OSVDB: 68803 Background Adobe Shockwave is a multimedia player used to add animation and interactivity to web pages. It allows Adobe Director applications to be published on the Internet and viewed in a web browser on any computer which has the...

9.3CVSS6.9AI score0.74626EPSS
Exploits9
Saint
Saint
•added 2010/09/24 12:0 a.m.•23 views

Lotus Domino nrouter.exe iCalendar MAILTO buffer overflow

Added: 09/24/2010 CVE: CVE-2010-3407 BID: 43219 OSVDB: 68040 Background IBM Lotus Domino is a messaging and collaboration solution for multiple platforms. Problem A buffer overflow in the nrouter.exe service allows remote attackers to execute arbitrary commands by sending an iCalendar message...

9.3CVSS7.8AI score0.41475EPSS
Exploits9
Saint
Saint
•added 2010/07/16 12:0 a.m.•23 views

Viscom Software Movie Player Pro ActiveX Control DrawText Buffer Overflow

Added: 07/16/2010 CVE: CVE-2010-0356 BID: 40719 OSVDB: 61634 Background Viscom Movie Player Pro SDK ActiveX is a software development kit for Microsoft Windows environments to incorporate an advanced media player with overlay text and images. Problem The MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX...

9.3CVSS7.4AI score0.30383EPSS
Exploits9
Saint
Saint
•added 2010/07/16 12:0 a.m.•23 views

Microsoft Outlook SMB Attachment ATTACH_BY_REFERENCE vulnerability

Added: 07/16/2010 CVE: CVE-2010-0266 BID: 41446 OSVDB: 66296 Background Microsoft Outlook is an e-mail client which also provides calendar, scheduling, contact management, and information sharing capabilities. Problem A vulnerability in Microsoft Outlook allows command execution when a user opens...

9.3CVSS6.1AI score0.55278EPSS
Exploits11
Saint
Saint
•added 2010/04/14 12:0 a.m.•23 views

Windows Media Unicast Service transport information packet buffer overflow

Added: 04/14/2010 CVE: CVE-2010-0478 Background The Windows Media Unicast Service is the part of Windows Media Services which allows streaming media to be sent to a specific user. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially...

9.3CVSS7.3AI score0.63024EPSS
Exploits10
Saint
Saint
•added 2010/04/08 12:0 a.m.•23 views

Easy FTP Server MKD command buffer overflow

Added: 04/08/2010 BID: 38102 OSVDB: 62134 Background UplusFTP formerly Easy FTP Server is a free FTP server for Windows platforms. Problem A buffer overflow vulnerability allows remote, authenticated attackers to execute arbitrary commands by sending a MKD command with a specially crafted argumen...

1.6AI score
Exploits0
Saint
Saint
•added 2010/03/05 12:0 a.m.•23 views

Lotus Domino Web Access ActiveX control InstallBrowserHelperDll buffer overflow

Added: 03/05/2010 BID: 38457 OSVDB: 62612 Background Lotus Domino Web Access provides capabilities similar to those of the Lotus Notes client, delivered through a web browser. It includes an ActiveX control implemented in inotes6w.dll , dwa7w.dll , dwa8w.dll , and dwa85w.dll. Problem A buffer...

7.7AI score
Exploits0
Saint
Saint
•added 2009/10/27 12:0 a.m.•23 views

Adobe Reader FlateDecode filter TIFF Predictor integer overflow

Added: 10/27/2009 CVE: CVE-2009-3459 BID: 36600 OSVDB: 58729 Background Adobe Reader is free software for viewing PDF documents. Problem An integer overflow in the FlateDecode filter in Adobe Reader allows command execution when a user opens a PDF file containing specially crafted compressed...

9.3CVSS6.7AI score0.86583EPSS
Exploits12
Saint
Saint
•added 2009/03/18 12:0 a.m.•23 views

Download connection

Added: 03/18/2009 Background This tool allows you to download a file which, when executed, establishes a command connection. Limitations This tool requires a user to execute the downloaded file in order to succeed. The target field must be a licensed target but is unused. Platforms Windows Linux...

1.6AI score
Exploits0
Saint
Saint
•added 2008/12/24 12:0 a.m.•23 views

Norton AntiSpam 2004 SymSpamHelper ActiveX control buffer overflow

Added: 12/24/2008 CVE: CVE-2004-0363 BID: 9916 OSVDB: 6249 Background Norton AntiSpam 2004, which is included in Norton Internet Security 2004, is spam filtering software. Problem A buffer overflow vulnerability in the SymSpamHelper ActiveX control symspam.dll allows command execution when a user...

7.5CVSS6.9AI score0.66567EPSS
Exploits7
Saint
Saint
•added 2008/12/12 12:0 a.m.•23 views

Internet Explorer XML data binding memory corruption

Added: 12/12/2008 CVE: CVE-2008-4844 BID: 32721 OSVDB: 50622 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem A data binding error allows command execution when a user loads specially crafted XML code containing nested SPAN tags,...

9.3CVSS7.5AI score0.66513EPSS
Exploits10
Saint
Saint
•added 2008/10/03 12:0 a.m.•23 views

DATAC RealWin SCADA Server FC_INFOTAG/SET_CONTROL buffer overflow

Added: 10/03/2008 CVE: CVE-2008-4322 BID: 31418 OSVDB: 48606 Background RealWin is a Supervisory Control and Data Acquisition SCADA server which is distributed by DATAC. Problem A buffer overflow vulnerability in RealWin Server allows remote attackers to execute arbitrary commands by sending a...

10CVSS7.8AI score0.64828EPSS
Exploits8
Saint
Saint
•added 2008/05/22 12:0 a.m.•23 views

HP Software Update HPeDiag ActiveX Control GetXmlFromIni buffer overflow

Added: 05/22/2008 CVE: CVE-2008-0712 BID: 28929 OSVDB: 44662 Background HP Software Update is shipped with various kinds of HP computers to keep HP software up to date. Problem A buffer overflow in the GetXmlFromIni method of the HPeDiag ActiveX control allows command execution when a user loads ...

6.8CVSS6.9AI score0.04697EPSS
Exploits4
Saint
Saint
•added 2008/03/31 12:0 a.m.•23 views

MDaemon IMAP FETCH command buffer overflow

Added: 03/31/2008 CVE: CVE-2008-1358 BID: 28245 OSVDB: 43111 Background MDaemon is an e-mail server for Windows. Problem A buffer overflow vulnerability in the IMAP service allows authenticated users to execute arbitrary commands by sending a FETCH command with a long BODY. Resolution Upgrade to...

6.5CVSS7.6AI score0.57075EPSS
Exploits7
Saint
Saint
•added 2008/03/28 12:0 a.m.•23 views

rpc.ypupdated command injection vulnerability

Added: 03/28/2008 CVE: CVE-1999-0208 BID: 1749 OSVDB: 11517 Background Network Information Service NIS is a distributed database that allows you to maintain consistent configuration files throughout your network. rpc.ypupdated is an NIS service which is responsible for duplicating information fro...

10CVSS7.6AI score0.12856EPSS
Exploits5
Saint
Saint
•added 2008/03/21 12:0 a.m.•23 views

Symantec Backup Exec for Windows Servers scheduler ActiveX buffer overflow

Added: 03/21/2008 CVE: CVE-2007-6016 BID: 26904 OSVDB: 42358 Background Symantec Backup Exec for Windows Servers is a backup and recovery solution for Windows servers. Problem An ActiveX buffer overflow vulnerability in pvcalendar.ocx in the scheduler component of Symantec Backup Exec for Windows...

9.3CVSS6.9AI score0.50419EPSS
Exploits8
Saint
Saint
•added 2008/02/04 12:0 a.m.•23 views

Winamp Ultravox streaming metadata artist tag buffer overflow

Added: 02/04/2008 CVE: CVE-2008-0065 BID: 27344 OSVDB: 41707 Background Winamp is a media player for Windows. Problem A buffer overflow vulnerability in the inmp3.dll library when parsing Ultravox streaming metadata allows command execution when a user opens a stream containing a long, specially...

10CVSS6.8AI score0.61275EPSS
Exploits8
Saint
Saint
•added 2008/01/28 12:0 a.m.•23 views

Tivoli Provisioning Manager for OS Deployment HTTP server buffer overflow

Added: 01/28/2008 CVE: CVE-2008-0401 BID: 27387 OSVDB: 40481 Background Tivoli Provisioning Manager for OS Deployment is a product which facilitates remote operating system installation and management. Problem A buffer overflow vulnerability in the HTTP server which comes with Tivoli Provisioning...

10CVSS7.8AI score0.08377EPSS
Exploits5
Total number of security vulnerabilities4305