Lucene search
K
SaintMost viewed

4305 matches found

Saint
Saint
•added 2013/01/23 12:0 a.m.•21 views

Nagios XI Graph Explorer Component OS Command Injection Vulnerability

Added: 01/23/2013 BID: 54263 OSVDB: 83552 Background Nagios XI is a network host and service monitoring and management system. Problem Nagios XI Graph Explorer Component is vulnerable to arbitrary command execution by authenticated users. The vulnerability is due to the visApi.php script not...

7.4AI score
Exploits0
Saint
Saint
•added 2012/10/12 12:0 a.m.•21 views

Novell File Reporter NFRAgent.exe VOL tag buffer overflow

Added: 10/12/2012 BID: 55268 OSVDB: 85503 Background Novell File Reporter is software that allows network administrators to identify files stored on the network and generates reports regarding the size of individual files, file type, when files were last accessed, and where duplicates exist...

2.5AI score
Exploits0
Saint
Saint
•added 2012/09/13 12:0 a.m.•21 views

HP Application Lifecycle Management XGO.ocx ActiveX SetShapeNodeType Method Vulnerability

Added: 09/13/2012 BID: 55272 OSVDB: 85152 Background HP Application Lifecycle Management ALM is a software product designed to manage the application lifecycle from requirements through readiness for delivery from a single repository, providing a consistent user experience and customizable...

7.6AI score
Exploits0
Saint
Saint
•added 2012/09/10 12:0 a.m.•21 views

Oracle Outside In XPM Image Processing Stack Overflow

Added: 09/10/2012 Background Oracle Outside In is a suite of software development kits that provides developers with a comprehensive solution to access, transform, and control the contents of over 500 unstructured file formats. Problem In Outside In versions 8.3.5.0 through 8.3.7, the XPM image...

0.6AI score
Exploits0
Saint
Saint
•added 2012/05/17 12:0 a.m.•21 views

SolarWinds Storage Manager SQL Injection

Added: 05/17/2012 BID: 51639 OSVDB: 81634 Background SolarWinds Storage Manager is agentless heterogeneous monitoring and reporting of the performance and capacity of physical and virtual storage infrastructure. It delivers visibility and insight into how your storage infrastructure maps to your...

8.3AI score
Exploits0
Saint
Saint
•added 2012/03/19 12:0 a.m.•21 views

ASUS Net4Switch ipswcom.dll ActiveX Control Buffer Overflow

Added: 03/19/2012 BID: 52110 OSVDB: 79438 Background Asus manufactures computers, peripherals, computer components and network switches. Problem The Asus Net4Switch ipswcom.dll ActiveX component is vulnerable to buffer overflow as a result of failure to perform adequate boundary checks on...

0.4AI score
Exploits0
Saint
Saint
•added 2012/03/06 12:0 a.m.•21 views

Sysax SSH Username Remote Code Execution

Added: 03/06/2012 BID: 52190 OSVDB: 79689 Background Sysax Multi Server is a Secure FTP Server and SSH2 Secure Shell Server combined into a single product. It simultaneously supports remote access and file transfer using FTP, FTPS, SFTP, Telnet, and Secure Shell. It also supports web based file...

7.8AI score
Exploits0
Saint
Saint
•added 2011/11/21 12:0 a.m.•21 views

Oracle Hyperion Financial Management ActiveX Heap Overflow

Added: 11/21/2011 BID: 50565 OSVDB: 76913 Background Oracle Hyperion Financial Management is a web-based financial consolidation, reporting and analysis solution. Problem Hyperion Financial Management webapp installs an ActiveX control on the target system. This control is marked as safe for...

0.1AI score
Exploits0
Saint
Saint
•added 2011/11/15 12:0 a.m.•21 views

Oracle Hyperion Financial Management ActiveX File Upload

Added: 11/15/2011 BID: 50476 Background Oracle Hyperion Financial Management is a web-based financial consolidation, reporting and analysis solution. Problem Hyperion Financial Management webapp installs an ActiveX control on the target system. This control is marked as safe for scripting and...

6.7AI score
Exploits0
Saint
Saint
•added 2011/09/26 12:0 a.m.•21 views

Freefloat FTPD Invalid Command Overflow

Added: 09/26/2011 BID: 48704 Background Freefloat is a software series developed directly for handheld terminals. Freefloat FTP Server is a free FTP server for various versions of Windows including Windows CE/Pocket PC. Problem Freefloat FTP Server is vulnerable to a stack overflow as a result of...

7.8AI score
Exploits0
Saint
Saint
•added 2011/09/26 12:0 a.m.•21 views

Computech Wordlist Builder DIC File Buffer Overflow

Added: 09/26/2011 BID: 47113 Background Computech Wordlist Builder is a simple utility that generates sorted wordlists based on contents of documents. Problem A stack overflow condition exists in Wordlist Builder 1.0 due the use of a fixed-length buffer used to read words from the .DIC file...

8.5AI score
Exploits0
Saint
Saint
•added 2011/07/14 12:0 a.m.•21 views

Crack OS X 10.7 Hashes

Added: 07/14/2011 Background This tool attempts to crack the passwords retreived by the "Mac OS X Hash grab" exploit tool. Accounts are cracked using dictionaries/Commonpwlong.txt Limitations An existing macosxhashgrab.out file must exist in the /exploits directory. Platforms Mac OS X...

6.9AI score
Exploits0
Saint
Saint
•added 2011/07/14 12:0 a.m.•21 views

Mac camera image capture

Added: 07/14/2011 Background This tool attempts to retrieve an image file captured by an iSight camera such as the one built into a MacBook. Limitations A connection to the target is required to run this tool. Platforms Mac OS X...

1AI score
Exploits0
Saint
Saint
•added 2011/03/03 12:0 a.m.•21 views

HP Data Protector Client agent EXEC_SETUP code execution

Added: 03/03/2011 CVE: CVE-2011-0922 BID: 46234 OSVDB: 72525 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem The backup agent provided by the Data Protector Backup Client Service may be instructed to execute a setup file from...

10CVSS6.6AI score0.64219EPSS
Exploits20
Saint
Saint
•added 2010/11/22 12:0 a.m.•21 views

Foxit Reader Crafted PDF Title Handling Stack Buffer Overflow

Added: 11/22/2010 OSVDB: 68648 Background Foxit Reader is a free PDF reader for Microsoft Windows systems. Problem Foxit Reader for Windows is vulnerable to a stack buffer overflow which could allow execution of arbitrary code. A remote attacker can exploit this vulnerability by enticing a user t...

8AI score
Exploits0
Saint
Saint
•added 2010/07/23 12:0 a.m.•21 views

Automatic Drive-by Download

Added: 07/23/2010 Background This tool waits for client connections, and then gathers information about the operating system and installed software on the client. Next, it chooses the latest and most reliable client exploit for the client's operating system and installed software, and delivers th...

1.3AI score
Exploits0
Saint
Saint
•added 2010/05/10 12:0 a.m.•21 views

Novell ZENworks Configuration Management UploadServlet Remote Code Execution

Added: 05/10/2010 BID: 39114 OSVDB: 63412 Background Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a client/server...

8.2AI score
Exploits0
Saint
Saint
•added 2010/03/09 12:0 a.m.•21 views

Cross-site scripting cookie theft

Added: 03/09/2010 Background Many web sites include scripts, which are lists of commands which, when executed in sequence, provide some enhancement to a web page. Web browsers are able to recognize scripts in web pages by the tag and handle them accordingly. Problem By sending an HTTP request...

0.1AI score
Exploits0
Saint
Saint
•added 2010/03/05 12:0 a.m.•21 views

Lotus Domino Web Access ActiveX control InstallBrowserHelperDll buffer overflow

Added: 03/05/2010 BID: 38457 OSVDB: 62612 Background Lotus Domino Web Access provides capabilities similar to those of the Lotus Notes client, delivered through a web browser. It includes an ActiveX control implemented in inotes6w.dll , dwa7w.dll , dwa8w.dll , and dwa85w.dll. Problem A buffer...

7.7AI score
Exploits0
Saint
Saint
•added 2010/01/29 12:0 a.m.•21 views

HP OpenView Storage Data Protector Cell Manager buffer overflow

Added: 01/29/2010 Background HP Data Protector is an automated data backup solution. Problem A buffer overflow vulnerability in HP OpenView Storage Data Protector allows remote attackers to execute arbitrary commands by sending a specially crafted request to the Cell Manager service. Resolution...

2.2AI score
Exploits0
Saint
Saint
•added 2009/11/13 12:0 a.m.•21 views

InterSystems Cache HTTP Stack Buffer Overflow

Added: 11/13/2009 Background InterSystems Cache is a high-performance object database that also enables rapid Web application development. Problem Intersystems Cache is vulnerable to a HTTP stack buffer overflow as a result of a specially crafted parameter to the UtilConfigHome.csp page. Resoluti...

7.7AI score
Exploits0
Saint
Saint
•added 2009/10/16 12:0 a.m.•21 views

IBM Installation Manager iim URI Handling Code Execution

Added: 10/16/2009 CVE: CVE-2009-3518 BID: 36549 OSVDB: 58420 Background IBM Installation Manager IIM is a software tool that helps to install, update, modify, and uninstall packages. Problem When IIM is installed it registers the application IBMIM.exe as the iim:// scheme handler, so when an iim:...

9.3CVSS6.7AI score0.05477EPSS
Exploits5
Saint
Saint
•added 2009/09/22 12:0 a.m.•21 views

Symantec Altiris eXpress NS SC Download ActiveX control vulnerability

Added: 09/22/2009 BID: 36346 OSVDB: 57893 Background The Altiris eXpress NS SC Download ActiveX control is installed with several products, including Altiris Deployment Solution. Problem The Altiris eXpress NS SC Download ActiveX control allows remote files to be downloaded, saved to arbitrary...

7.4AI score
Exploits0
Saint
Saint
•added 2009/04/10 12:0 a.m.•21 views

SQL injection

Added: 04/10/2009 Background Structured Query Language SQL is the most common language understood by modern relational databases. Problem A web program uses input parameters within an SQL query in an unsafe manner. This could allow a remote attacker to inject arbitrary SQL commands via a speciall...

0.2AI score
Exploits0
Saint
Saint
•added 2009/04/07 12:0 a.m.•21 views

Flash drive/CD autoplay command execution

Added: 04/07/2009 Background This tool allows you to create a USB flash drive which, when inserted into a Windows computer, prompts a user to run a program which creates a command connection. The program is disguised as the "Open Folder" option in the AutoPlay dialog to entice the user to run it...

7.2AI score
Exploits0
Saint
Saint
•added 2009/02/23 12:0 a.m.•21 views

Internet Explorer deleted object memory corruption

Added: 02/23/2009 CVE: CVE-2009-0075 BID: 33627 OSVDB: 51839 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem A memory corruption vulnerability allows command execution when a user opens a specially crafted web page which causes a...

9.3CVSS6.3AI score0.85277EPSS
Exploits9
Saint
Saint
•added 2009/02/17 12:0 a.m.•21 views

Free Download Manager torrent file parsing buffer overflow

Added: 02/17/2009 CVE: CVE-2009-0184 BID: 33555 Background Free Download Manager is a download accelerator and manager for Windows systems. Problem A buffer overflow vulnerability allows command execution when a user opens a torrent file containing a long file name. Resolution Upgrade to version...

9.3CVSS6.9AI score0.27803EPSS
Exploits12
Saint
Saint
•added 2009/01/13 12:0 a.m.•21 views

Opera file URI buffer overflow

Added: 01/13/2009 CVE: CVE-2008-5178 BID: 32323 OSVDB: 49882 Background Opera is a web browser which is available for multiple platforms. Problem A buffer overflow vulnerability allows command execution when a user opens a long, specially crafted file:// URI. Resolution Upgrade to Opera 9.63 or...

9.3CVSS6.8AI score0.31509EPSS
Exploits6
Saint
Saint
•added 2008/10/07 12:0 a.m.•21 views

Read Address Book

Added: 10/07/2008 Background This tool attempts to gather e-mail addresses from Outlook and Outlook Express address book files .WAB, .PAB on the target. Limitations A connection to the target is required to run this tool. Recent versions of Microsoft Outlook no longer store address books locally ...

0.9AI score
Exploits0
Saint
Saint
•added 2008/09/24 12:0 a.m.•21 views

Find e-mail addresses

Added: 09/24/2008 Background E-mail addresses in a given domain can often be found using publicly available information such as Internet search engines, network registrars, and public key servers. This tool attempts to provide a list of e-mail addresses using these resources. Limitations Many...

2.3AI score
Exploits0
Saint
Saint
•added 2008/09/24 12:0 a.m.•21 views

DNS zone transfer

Added: 09/24/2008 CVE: CVE-1999-0532 OSVDB: 492 Background A DNS zone transfer is the process by which a secondary name server copies all DNS records for a domain from a primary name server. Problem If DNS zone transfers are not restricted, they can allow attackers to enumerate hosts in a domain...

6.2AI score0.68535EPSS
Exploits7
Saint
Saint
•added 2008/08/27 12:0 a.m.•21 views

CMailServer CMailCOM.dll MoveToFolder buffer overflow

Added: 08/27/2008 BID: 30098 OSVDB: 46750 Background CMailServer is a mail and web mail server. The CMailServer web interface includes the CMailCOM.dll component which provides several classes. Problem A buffer overflow vulnerability in the MoveToFolder method of the POP3 class in CMailCOM.dll...

8.6AI score
Exploits0
Saint
Saint
•added 2008/05/30 12:0 a.m.•21 views

CA ARCserve Backup caloggerd opcode 79 buffer overflow

Added: 05/30/2008 CVE: CVE-2008-2242 BID: 29283 OSVDB: 45368 Background CA ARCserve Backup formerly BrightStor ARCserve Backup is a backup and recovery solution. The logger daemon caloggerd is an RPC service which handles event logs. Problem A buffer overflow vulnerability in caloggerd allows...

7.5CVSS7.7AI score0.14716EPSS
Exploits9
Saint
Saint
•added 2008/05/22 12:0 a.m.•21 views

HP Software Update HPeDiag ActiveX Control GetXmlFromIni buffer overflow

Added: 05/22/2008 CVE: CVE-2008-0712 BID: 28929 OSVDB: 44662 Background HP Software Update is shipped with various kinds of HP computers to keep HP software up to date. Problem A buffer overflow in the GetXmlFromIni method of the HPeDiag ActiveX control allows command execution when a user loads ...

6.8CVSS6.9AI score0.04697EPSS
Exploits4
Saint
Saint
•added 2008/03/11 12:0 a.m.•21 views

Novell iPrint Control ActiveX control ExecuteRequest buffer overflow

Added: 03/11/2008 CVE: CVE-2008-0935 BID: 27939 OSVDB: 42063 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named ienipp.ocx. Problem A buffer overflow vulnerability in the ExecuteReque...

10CVSS6.9AI score0.6514EPSS
Exploits8
Saint
Saint
•added 2008/02/19 12:0 a.m.•21 views

Microsoft Works File Converter field length buffer overflow

Added: 02/19/2008 CVE: CVE-2008-0108 BID: 27659 OSVDB: 41459 Background The Microsoft Works File Converter allows Microsoft Office to open Microsoft Works files. Problem A buffer overflow vulnerability in the Microsoft Works File Converter allows arbitrary command execution when a user opens a .w...

9.3CVSS6.8AI score0.52632EPSS
Exploits5
Saint
Saint
•added 2008/01/16 12:0 a.m.•21 views

MySQL MaxDB cons.exe command injection

Added: 01/16/2008 CVE: CVE-2008-0244 BID: 27206 OSVDB: 40210 Background MaxDB is a SAP-certified open-source database developed by MySQL. Problem The MaxDB server handles the execsdbinfo command by invoking the cons.exe program through a system call without sufficiently checking the arguments for...

10CVSS6.8AI score0.80311EPSS
Exploits8
Saint
Saint
•added 2007/10/26 12:0 a.m.•21 views

Tivoli Storage Manager CAD Host header buffer overflow

Added: 10/26/2007 CVE: CVE-2007-4880 BID: 25743 OSVDB: 38161 Background IBM Tivoli Storage Manager TSM provides centralized management for automated backup and restoration operations. It runs a Client Acceptor Daemon CAD on port 1581/TCP. Problem A buffer overflow vulnerability in Tivoli Storage...

10CVSS7.7AI score0.75945EPSS
Exploits9
Saint
Saint
•added 2007/07/26 12:0 a.m.•21 views

Borland Interbase ibserver.exe create buffer overflow

Added: 07/26/2007 CVE: CVE-2007-3566 BID: 25048 OSVDB: 38602 Background Borland Interbase is a database solution for Windows, Linux, and Solaris platforms. Problem A buffer overflow in the database service, ibserver.exe , allows remote attackers to execute arbitrary commands by sending a speciall...

7.5CVSS7.8AI score0.66081EPSS
Exploits9
Saint
Saint
•added 2007/06/07 12:0 a.m.•21 views

CA Antivirus engine CAB handling buffer overflow

Added: 06/07/2007 CVE: CVE-2007-2864 BID: 24330 OSVDB: 35245 Background The CA Antivirus engine is included in multiple CA products. Problem A buffer overflow vulnerability in the CA Antivirus engine allows command execution when a CAB file containing a specially crafted "coffFiles" field is...

9.3CVSS6.8AI score0.49647EPSS
Exploits7
Saint
Saint
•added 2007/05/25 12:0 a.m.•21 views

CA Console Server username buffer overflow

Added: 05/25/2007 CVE: CVE-2007-2522 BID: 23906 OSVDB: 34585 Background Multiple CA products include the inoweb Console Server which listens for connections on port 12168/TCP. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, speciall...

10CVSS7.8AI score0.26589EPSS
Exploits4
Saint
Saint
•added 2007/05/17 12:0 a.m.•21 views

Adobe Photoshop PNG file handling buffer overflow

Added: 05/17/2007 CVE: CVE-2007-2365 BID: 23698 OSVDB: 35465 Background Adobe Photoshop is an application for editing digital images. Problem A buffer overflow vulnerability in Adobe Photoshop allows command execution when a user opens a specially crafted PNG image file. Resolution Do not open PN...

9.3CVSS6.8AI score0.51052EPSS
Exploits4
Saint
Saint
•added 2007/05/10 12:0 a.m.•21 views

ACDSee XPM file handling buffer overflow

Added: 05/10/2007 CVE: CVE-2007-2193 BID: 23620 OSVDB: 35236 Background ACDSee is a suite of products for viewing and organizing photos. Problem A buffer overflow vulnerability in the IDX.apl plug-in allows command execution when a user opens a specially crafted XPM file. Resolution Apply a fix...

9.3CVSS6.9AI score0.3657EPSS
Exploits7
Saint
Saint
•added 2007/03/27 12:0 a.m.•21 views

MERCUR imapd SUBSCRIBE command buffer overflow

Added: 03/27/2007 CVE: CVE-2007-1579 BID: 23050 OSVDB: 33546 Background MERCUR Messaging Server is an e-mail server supporting the SMTP, POP3, and IMAP protocols for Windows platforms. Problem A buffer overflow vulnerability allows remote, authenticated attackers to execute arbitrary commands by...

10CVSS7.5AI score0.56209EPSS
Exploits5
Saint
Saint
•added 2007/01/31 12:0 a.m.•21 views

Microsoft Help Workshop .CNT file buffer overflow

Added: 01/31/2007 CVE: CVE-2007-0352 BID: 22100 OSVDB: 31898 Background Microsoft Help Workshop is a standard component of Microsoft Visual Studio and is also available as a standalone product. Problem A buffer overflow vulnerability in Microsoft Help Workshop allows command execution when a user...

9.3CVSS6.8AI score0.36385EPSS
Exploits5
Saint
Saint
•added 2007/01/24 12:0 a.m.•21 views

BrightStor ARCserve Message Engine opnum 0x75 buffer overflow

Added: 01/24/2007 CVE: CVE-2007-0169 BID: 22005 OSVDB: 31318 Background The BrightStor ARCserve Backup server runs the Message Engine RPC service on ports 6503/TCP and 6504/TCP by default. Problem A buffer overflow in BrightStor ARCserve Backup allows remote attackers to execute arbitrary command...

7.5CVSS7.7AI score0.68809EPSS
Exploits16
Saint
Saint
•added 2007/01/17 12:0 a.m.•21 views

Microsoft PowerPoint malformed data record vulnerability

Added: 01/17/2007 CVE: CVE-2006-3876 BID: 20322 OSVDB: 29447 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem Improper handling of malformed Data records in PowerPoint files allows command execution. Resolution Apply the patch...

9.3CVSS6.3AI score0.11423EPSS
Exploits4
Saint
Saint
•added 2006/12/15 12:0 a.m.•21 views

AOL ICQ ActiveX DownloadAgent vulnerability

Added: 12/15/2006 CVE: CVE-2006-5650 BID: 20930 OSVDB: 30220 Background America Online AOL ICQ is a widely used program for communicating with other users on the Internet. Problem The ICQPhone.SipxPhoneManager ActiveX control, which is installed with ICQ, includes a function called DownloadAgent...

7.5CVSS7.2AI score0.66368EPSS
Exploits9
Saint
Saint
•added 2006/08/11 12:0 a.m.•21 views

Windows Server Service buffer overflow

Added: 08/11/2006 CVE: CVE-2006-3439 BID: 19409 OSVDB: 27845 Background The Windows Server Service supports file, print, and named-pipe sharing over the network. Problem A buffer overflow vulnerability in the Windows Server Service allows remote attackers to execute arbitrary commands. Resolution...

10CVSS7.5AI score0.85461EPSS
Exploits16
Saint
Saint
•added 2006/08/07 12:0 a.m.•21 views

Microsoft SQL Server Hello buffer overflow

Added: 08/07/2006 CVE: CVE-2002-1123 BID: 5411 OSVDB: 10132 Background Microsoft SQL Server is a database server package for Windows platforms. Problem Microsoft SQL Server 2000 is affected by a buffer overflow vulnerability in the code which handles user authentication. This allows a remote...

7.5CVSS7.8AI score0.77712EPSS
Exploits9
Total number of security vulnerabilities4305