Lucene search
K
SaintMost viewed

4305 matches found

Saint
Saint
•added 2011/10/24 12:0 a.m.•22 views

ACD Systems Fotoslate PLP File ID Parameter Buffer Overflow

Added: 10/24/2011 CVE: CVE-2011-2595 BID: 49558 OSVDB: 75425 Background ACD Systems FotoSlate 4 Photo Print Studio allows users to create contact sheets or wallet sized prints, choose themed frames, and create custom calendars. Problem Fotoslate 4.0 Build 146 is vulnerable to remote code executio...

10CVSS6.9AI score0.6128EPSS
Exploits8
Saint
Saint
•added 2011/09/07 12:0 a.m.•22 views

MPlayer SAMI Subtitle File Overflow

Added: 09/07/2011 BID: 49149 OSVDB: 74604 Background MPlayer is an open source media player with support for many operating systems. Problem MPlayer does not properly validate the contents of Synchronized Accessible Media Interchange SAMI caption files. If a video references a malformed SAMI file...

0.1AI score
Exploits0
Saint
Saint
•added 2011/07/29 12:0 a.m.•22 views

Java RMI Services Default Configuration Remote Loading

Added: 07/29/2011 Background The Java Remote Method Invocation RMI system allows an object running in one Java virtual machine to invoke methods on an object running in another Java virtual machine. RMI provides for remote communication between programs written in the Java programming language...

7.1AI score
Exploits0
Saint
Saint
•added 2011/07/14 12:0 a.m.•22 views

Mac camera image capture

Added: 07/14/2011 Background This tool attempts to retrieve an image file captured by an iSight camera such as the one built into a MacBook. Limitations A connection to the target is required to run this tool. Platforms Mac OS X...

1AI score
Exploits0
Saint
Saint
•added 2011/04/08 12:0 a.m.•22 views

Zend Server Java Bridge Remote Code Execution

Added: 04/08/2011 BID: 47060 OSVDB: 71420 Background Zend Server is an enterprise web application server for hosting PHP applications. Problem The Zend Server Java Bridge allows PHP applications to execute methods in Java classes. The Java Bridge does not validate that requests to execute Java co...

Exploits0
Saint
Saint
•added 2011/03/03 12:0 a.m.•22 views

HP Data Protector Client agent EXEC_SETUP code execution

Added: 03/03/2011 CVE: CVE-2011-0922 BID: 46234 OSVDB: 72525 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem The backup agent provided by the Data Protector Backup Client Service may be instructed to execute a setup file from...

10CVSS6.6AI score0.64219EPSS
Exploits20
Saint
Saint
•added 2011/01/04 12:0 a.m.•22 views

SQL injection authentication bypass

Added: 01/04/2011 Background Structured Query Language SQL is the most common language understood by modern relational databases. Problem A web program uses input parameters within an SQL query in an unsafe manner. This could allow a remote attacker to manipulate the authentication query via a...

8.5AI score
Exploits0
Saint
Saint
•added 2010/08/25 12:0 a.m.•22 views

Novell iPrint Client ActiveX control call-back-url buffer overflow

Added: 08/25/2010 CVE: CVE-2010-1527 BID: 42576 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named ienipp.ocx. Problem A buffer overflow vulnerability allows command execution when a...

9.3CVSS6.7AI score0.35987EPSS
Exploits18
Saint
Saint
•added 2010/08/20 12:0 a.m.•22 views

Symantec Alert Management System Intel Alert Handler command execution

Added: 08/20/2010 BID: 41959 OSVDB: 66807 Background The Symantec Alert Management System 2 AMS2 is used by multiple Symantec products. It includes an Intel Alert Handler service hndlrsvc.exe. This service handles messages forwarded to it by the Alert Originator Manager, which listens on port...

0.9AI score
Exploits0
Saint
Saint
•added 2009/10/21 12:0 a.m.•22 views

HP LoadRunner XUpload ActiveX control MakeHttpRequest file download

Added: 10/21/2009 CVE: CVE-2009-3693 BID: 36550 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the XUpload.ocx ActiveX control for performing file exchanges. Problem The MakeHttpRequest method in the XUpload.ocx ActiveX control can be used to download...

9.3CVSS6.8AI score0.4158EPSS
Exploits9
Saint
Saint
•added 2009/09/16 12:0 a.m.•22 views

Safari WebKit floating point number buffer overflow

Added: 09/16/2009 CVE: CVE-2009-2195 BID: 36023 OSVDB: 56988 Background Safari is a web browser for Mac OS X and Windows. Safari is built upon the WebKit browser engine. Problem A buffer overflow vulnerability in WebKit allows command execution when a user loads a page which contains a specially...

9.3CVSS9AI score0.13294EPSS
Exploits4
Saint
Saint
•added 2009/08/05 12:0 a.m.•22 views

MS Office Word malformed Sprm record buffer overflow

Added: 08/05/2009 CVE: CVE-2009-0565 BID: 35190 OSVDB: 54960 Background Microsoft Office Word is Microsoft's word processing software, released as a component of Microsoft Office suite. Problem A buffer overflow in Microsoft Office Word allows remote command execution when a specially crafted Wor...

9.3CVSS7.8AI score0.40503EPSS
Exploits8
Saint
Saint
•added 2009/05/05 12:0 a.m.•22 views

Symantec Alert Management System Intel Alert Originator Service msgsys.exe buffer overflow

Added: 05/05/2009 CVE: CVE-2009-1430 BID: 34674 OSVDB: 54159 Background The Symantec Alert Management System 2 AMS2 is used by multiple Symantec products. The Intel Alert Originator IAO service is a component of AMS2. The msgsys.exe process is a preprocessor for the IAO service and listens on TCP...

9.3CVSS7.8AI score0.55088EPSS
Exploits9
Saint
Saint
•added 2009/04/01 12:0 a.m.•22 views

IBM Access Support ActiveX GetXMLValue buffer overflow

Added: 04/01/2009 CVE: CVE-2009-0215 BID: 34228 OSVDB: 52958 Background The IBM Access Support ActiveX control is used to collect system information. It comes with certain IBM and Lenovo computer systems. Problem A buffer overflow vulnerability allows command execution when a user loads a page...

9.3CVSS6.6AI score0.36309EPSS
Exploits9
Saint
Saint
•added 2009/03/10 12:0 a.m.•22 views

Winamp skin file MAKI script buffer overflow

Added: 03/10/2009 BID: 34009 Background Winamp is a media player for Windows. Problem A buffer overflow in Winamp allows command execution when a user opens a skin file containing a compiled MAKI script with a specially crafted string having an incorrect length field. Resolution Upgrade to Winamp...

7.9AI score
Exploits0
Saint
Saint
•added 2008/12/11 12:0 a.m.•22 views

Internet Explorer embed tag src extension buffer overflow

Added: 12/11/2008 CVE: CVE-2008-4261 BID: 32595 OSVDB: 50610 Background The HTML embed tag allows developers to embed plug-ins in web pages. Problem A vulnerability in Internet Explorer allows command execution when a user loads a page containing an embed tag with a src attribute containing a...

9.3CVSS6.3AI score0.29709EPSS
Exploits4
Saint
Saint
•added 2008/11/28 12:0 a.m.•22 views

CA ARCserve Backup for Laptops and Desktops LGServer password integer overflow

Added: 11/28/2008 CVE: CVE-2007-5004 BID: 24348 OSVDB: 41352 Background BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections. Problem An integer overflow vulnerability allows remote attackers to execute...

9.3CVSS7.9AI score0.08902EPSS
Exploits5
Saint
Saint
•added 2008/10/03 12:0 a.m.•22 views

DATAC RealWin SCADA Server FC_INFOTAG/SET_CONTROL buffer overflow

Added: 10/03/2008 CVE: CVE-2008-4322 BID: 31418 OSVDB: 48606 Background RealWin is a Supervisory Control and Data Acquisition SCADA server which is distributed by DATAC. Problem A buffer overflow vulnerability in RealWin Server allows remote attackers to execute arbitrary commands by sending a...

10CVSS7.7AI score0.64828EPSS
Exploits8
Saint
Saint
•added 2008/09/09 12:0 a.m.•22 views

Windows Media Encoder 9 wmex.dll ActiveX buffer overflow

Added: 09/09/2008 CVE: CVE-2008-3008 BID: 31065 OSVDB: 47962 Background Windows Media Encoder is a tool for content producers to capture and compress audio and video content. Windows Media Encoder 9 installs the wmex.dll ActiveX control. Problem A buffer overflow vulnerability in the wmex.dll...

9.3CVSS6.8AI score0.54553EPSS
Exploits9
Saint
Saint
•added 2008/07/07 12:0 a.m.•22 views

Novell GroupWise Messenger HTTP response handling buffer overflow

Added: 07/07/2008 CVE: CVE-2008-2703 BID: 29602 OSVDB: 46041 Background GroupWise Messenger is an instant messaging client for Novell GroupWise. Problem Novell GroupWise is affected by a buffer overflow vulnerability which could allow command execution when the client program processes specially...

10CVSS6.9AI score0.61121EPSS
Exploits7
Saint
Saint
•added 2008/04/07 12:0 a.m.•22 views

Cisco Secure ACS UCP CSuserCGI.exe buffer overflow

Added: 04/07/2008 CVE: CVE-2008-0532 BID: 28222 OSVDB: 42961 Background Cisco Secure Access Control Server ACS is a centralized user access control framework which can be used with routers, switches, firewalls, VPNs, and other devices. User Changeable Passwords UCP, a utility implemented by Cisco...

10CVSS7.8AI score0.57136EPSS
Exploits7
Saint
Saint
•added 2008/01/28 12:0 a.m.•22 views

Tivoli Provisioning Manager for OS Deployment HTTP server buffer overflow

Added: 01/28/2008 CVE: CVE-2008-0401 BID: 27387 OSVDB: 40481 Background Tivoli Provisioning Manager for OS Deployment is a product which facilitates remote operating system installation and management. Problem A buffer overflow vulnerability in the HTTP server which comes with Tivoli Provisioning...

10CVSS7.7AI score0.08377EPSS
Exploits5
Saint
Saint
•added 2008/01/22 12:0 a.m.•22 views

Microsoft DirectX SAMI parser buffer overflow

Added: 01/22/2008 CVE: CVE-2007-3901 BID: 26789 OSVDB: 39126 Background DirectX is a feature of the Windows operating system used for streaming media. Problem A buffer overflow vulnerability in DirectX allows command execution when a user opens a specially crafted SAMI file in Windows Media Playe...

8.5CVSS6.7AI score0.45873EPSS
Exploits13
Saint
Saint
•added 2007/12/24 12:0 a.m.•22 views

HP OpenView Network Node Manager ovlogin.exe buffer overflow

Added: 12/24/2007 CVE: CVE-2007-6204 BID: 26741 OSVDB: 39529 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow in the Network Node Manager web interface allows remote attackers to execute arbitrary commands by sendin...

10CVSS7.7AI score0.69613EPSS
Exploits9
Saint
Saint
•added 2007/11/01 12:0 a.m.•22 views

BrightStor ARCserve Backup LGServer rxrLogin buffer overflow

Added: 11/01/2007 CVE: CVE-2007-5003 BID: 24348 OSVDB: 41353 Background BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections. Problem A buffer overflow vulnerability in the rxrLogin function allows remote...

10CVSS7.8AI score0.67204EPSS
Exploits8
Saint
Saint
•added 2007/09/20 12:0 a.m.•22 views

Symantec Norton NavComUI ActiveX control vulnerability

Added: 09/20/2007 CVE: CVE-2007-2955 BID: 24983 OSVDB: 36477 Background The Symantec Norton product suite includes antivirus, firewall, and other security functions. Problem Vulnerabilities in the AxSysListView32 and AxSysListView32OAA ActiveX controls, implemented by the NavComUI.dll library...

6.8CVSS6.8AI score0.0405EPSS
Exploits4
Saint
Saint
•added 2007/08/03 12:0 a.m.•22 views

Yahoo! Widgets ActiveX control GetComponentVersion buffer overflow

Added: 08/03/2007 CVE: CVE-2007-4034 BID: 25086 OSVDB: 37705 Background Yahoo! Widgets is desktop software which runs any number of small, real-time, Internet applications called widgets. Problem A buffer overflow vulnerability in the YDPCTL ActiveX Control allows command execution when a user...

9.3CVSS6.9AI score0.1296EPSS
Exploits6
Saint
Saint
•added 2007/08/02 12:0 a.m.•22 views

Ipswitch IMail IMAP SUBSCRIBE command buffer overflow

Added: 08/02/2007 CVE: CVE-2007-3927 BID: 24962 OSVDB: 36222 Background IMail is an e-mail server for Windows platforms. Problem A buffer overflow vulnerability in the IMAP service could allow an authenticated attacker to execute arbitrary commands by sending a specially crafted SUBSCRIBE command...

10CVSS7.5AI score0.21893EPSS
Exploits4
Saint
Saint
•added 2007/07/27 12:0 a.m.•22 views

Ipswitch IMail Server IMAP SEARCH buffer overflow

Added: 07/27/2007 CVE: CVE-2007-3925 BID: 24962 OSVDB: 36219 Background IMail is an e-mail server for Windows platforms. Problem A buffer overflow vulnerability in the IMAP service could allow an authenticated attacker to execute arbitrary commands by sending a specially crafted SEARCH command...

6.5CVSS7.6AI score0.84673EPSS
Exploits7
Saint
Saint
•added 2007/05/25 12:0 a.m.•22 views

CA Console Server username buffer overflow

Added: 05/25/2007 CVE: CVE-2007-2522 BID: 23906 OSVDB: 34585 Background Multiple CA products include the inoweb Console Server which listens for connections on port 12168/TCP. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, speciall...

10CVSS7.7AI score0.26589EPSS
Exploits4
Saint
Saint
•added 2007/04/25 12:0 a.m.•22 views

Oracle Database Advanced Replication component DBMS_SNAP_INTERNAL overflow

Added: 04/25/2007 CVE: CVE-2007-2116 BID: 23532 OSVDB: 39933 Background Package DBMSSNAPINTERNAL of schema SYS is an Advanced Replication component used internally by Oracle Database. Problem A buffer overflow vulnerability in DBMSSNAPINTERNAL allows remote attackers to execute arbitrary commands...

9CVSS7.6AI score0.02946EPSS
Exploits4
Saint
Saint
•added 2007/04/03 12:0 a.m.•22 views

MERCUR imapd NTLMSSP

Added: 04/03/2007 CVE: CVE-2007-1578 BID: 23058 OSVDB: 33545 Background MERCUR Messaging Server is an e-mail server supporting the SMTP, POP3, and IMAP protocols for Windows platforms. Problem A buffer overflow vulnerability in MERCUR Messaging Server allows remote attackers to execute arbitrary...

10CVSS7.9AI score0.16309EPSS
Exploits5
Saint
Saint
•added 2007/01/17 12:0 a.m.•22 views

Microsoft PowerPoint malformed data record vulnerability

Added: 01/17/2007 CVE: CVE-2006-3876 BID: 20322 OSVDB: 29447 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem Improper handling of malformed Data records in PowerPoint files allows command execution. Resolution Apply the patch...

9.3CVSS6.3AI score0.11423EPSS
Exploits4
Saint
Saint
•added 2006/09/18 12:0 a.m.•22 views

MDaemon WorldClient form2raw.cgi From buffer overflow

Added: 09/18/2006 CVE: CVE-2003-1200 BID: 9317 OSVDB: 3255 Background MDaemon is an e-mail server product for Windows. It includes a web mail component called WorldClient. Problem A buffer overflow in MDaemon WorldClient allows remote command execution by sending a web request for the form2raw.cg...

7.5CVSS7.2AI score0.65097EPSS
Exploits8
Saint
Saint
•added 2006/09/18 12:0 a.m.•22 views

MDaemon WorldClient form2raw.cgi From buffer overflow

Added: 09/18/2006 CVE: CVE-2003-1200 BID: 9317 OSVDB: 3255 Background MDaemon is an e-mail server product for Windows. It includes a web mail component called WorldClient. Problem A buffer overflow in MDaemon WorldClient allows remote command execution by sending a web request for the form2raw.cg...

7.5CVSS7.2AI score0.65097EPSS
Exploits8
Saint
Saint
•added 2006/07/06 12:0 a.m.•22 views

IMail LDAP buffer overflow

Added: 07/06/2006 CVE: CVE-2004-0297 BID: 9682 OSVDB: 3984 Background IMail is an e-mail server for Windows platforms. It includes a service which implements the Lightweight Directory Access Protocol LDAP. Problem A buffer overflow in IMail's LDAP service allows a remote attacker to overwrite the...

10CVSS7.2AI score0.68129EPSS
Exploits8
Saint
Saint
•added 2006/06/30 12:0 a.m.•22 views

MailEnable SMTP AUTH LOGIN buffer overflow

Added: 06/30/2006 CVE: CVE-2005-1781 BID: 13772 OSVDB: 16851 Background MailEnable is a mail server supporting SMTP and POP3 for Windows platforms. MailEnable Professional and MailEnable Enterprise also include IMAP and HTTPMail services. Problem The SMTP service in MailEnable is affected by a...

5CVSS8AI score0.01768EPSS
Exploits4
Saint
Saint
•added 2006/06/23 12:0 a.m.•22 views

BASE base_qry_common.php file include

Added: 06/23/2006 CVE: CVE-2006-2685 BID: 18298 OSVDB: 25770 Background Snort is an open-source intrusion detection system. The Basic Analysis and Security Engine BASE is a web interface for analyzing Snort results. Problem If the registerglobals PHP option is enabled, the baseqrycommon.php scrip...

4CVSS6.5AI score0.49185EPSS
Exploits11
Saint
Saint
•added 2006/06/01 12:0 a.m.•22 views

IMail IMAP DELETE command buffer overflow

Added: 06/01/2006 CVE: CVE-2004-1520 BID: 11675 OSVDB: 11838 Background IMail is an e-mail server for Windows platforms. Problem A buffer overflow in the IMAP service could allow remote attackers to execute commands by sending a long, specially crafted DELETE command. The attacker would need to...

4.6CVSS7.3AI score0.88509EPSS
Exploits12
Saint
Saint
•added 2006/05/15 12:0 a.m.•22 views

Windows compressed folders buffer overflow

Added: 05/15/2006 CVE: CVE-2004-0575 BID: 11382 OSVDB: 10695 Background Microsoft Windows XP and Windows Server 2003 include the ability to natively handle ZIP files. Problem A buffer overflow when handling compressed folders allows command execution when a specially crafted ZIP file is opened by...

10CVSS6.8AI score0.603EPSS
Exploits4
Saint
Saint
•added 2006/03/24 12:0 a.m.•22 views

Microsoft Jet Database Engine buffer overflow

Added: 03/24/2006 CVE: CVE-2005-0944 BID: 12960 OSVDB: 15187 Background The Microsoft Jet Database Engine provides data access functionality for a number of applications. Problem An input validation vulnerability in the Microsoft Jet Database Engine could lead to command execution when a user ope...

7.5CVSS6.3AI score0.34021EPSS
Exploits4
Saint
Saint
•added 2006/03/10 12:0 a.m.•22 views

WS_FTP MKD command buffer overflow

Added: 03/10/2006 CVE: CVE-2004-1135 BID: 11772 OSVDB: 12509 Background WSFTP Server is an FTP server for Windows platforms. Problem A buffer overflow vulnerability in the MKD command could allow an attacker to execute commands on the server. If the anonymous FTP account is enabled, the attacker...

5CVSS7.2AI score0.49642EPSS
Exploits7
Saint
Saint
•added 2006/02/05 12:0 a.m.•22 views

Microsoft SQL Server 2000 resolution service buffer overflow

Added: 02/05/2006 CVE: CVE-2002-0649 BID: 5310 OSVDB: 4577 Background Microsoft SQL Server is a database server package for Windows platforms. SQL Server 2000 introduced the SQL Server Resolution Service, which runs on port 1434/UDP and identifies the port on which each SQL Server instance runs...

7.5CVSS7.8AI score0.8475EPSS
Exploits7
Saint
Saint
•added 2018/01/02 12:0 a.m.•21 views

Huawei UPnP DeviceUpgrade command injection

Added: 01/02/2018 BID: 102344 Background Huawei home routers support the DeviceUpgrade service type over the Universal Plug and Play UPnP protocol to facilitate upgrading of firmware. Problem A remote authenticated attacker can execute arbitrary commands injected into the NewStatusURL XML element...

8AI score
Exploits0
Saint
Saint
•added 2015/12/28 12:0 a.m.•21 views

FireEye MPS JAR analyzer command execution

Added: 12/28/2015 BID: 78809 Background The FireEye Malware Protection System MPS detects and eliminates malware found on file shares, web downloads, and e-mail. Problem A vulnerability in the Java Archive analysis tool could allow command execution when the tool analyzes a specially crafted JAR...

7.6AI score
Exploits0
Saint
Saint
•added 2015/12/28 12:0 a.m.•21 views

FireEye MPS JAR analyzer command execution

Added: 12/28/2015 BID: 78809 Background The FireEye Malware Protection System MPS detects and eliminates malware found on file shares, web downloads, and e-mail. Problem A vulnerability in the Java Archive analysis tool could allow command execution when the tool analyzes a specially crafted JAR...

7.6AI score
Exploits0
Saint
Saint
•added 2015/10/01 12:0 a.m.•21 views

Konica Minolta FTP Utility buffer overflow

Added: 10/01/2015 Background The Konica Minolta FTP Utility is an FTP server for Windows 98 through XP. Problem A vulnerability in the FTP Utility allows remote, unauthenticated attackers to execute arbitrary commands by sending a long, specially crafted argument to any command. Resolution Remove...

8.3AI score
Exploits0
Saint
Saint
•added 2015/07/30 12:0 a.m.•21 views

D-Link Cookie command injection

Added: 07/30/2015 Background D-Link produces a variety of routers, switches, and other network equipment for home users and businesses. Problem A command injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted cookie in an HTTP request...

8.8AI score
Exploits0
Saint
Saint
•added 2014/12/19 12:0 a.m.•21 views

XEROX Multiple Product Unauthenticated Remote Firmware Injection Vulnerability

Added: 12/19/2014 BID: 52483 OSVDB: 80096 Background Some Xerox Multifunction Printers MFP utilize Dynamic Loadable Modules DLM for patching, upgrading and cloning. The DLMs can be delivered to the printer via the Jet Direct printer service on TCP port 9100. Problem Multiple Xerox products are...

0.8AI score
Exploits0
Saint
Saint
•added 2013/04/12 12:0 a.m.•21 views

ActFax RAW Server Stack Buffer Overflow

Added: 04/12/2013 BID: 57789 OSVDB: 89944 Background ActFax is a Windows-based software package that sends, receives and electronically stores faxes. Problem The ActFax RAW server is vulnerable to a boundary error when processing the @F000 data field, which could result in stack-based buffer...

8.3AI score
Exploits0
Total number of security vulnerabilities4305