Lucene search
K
SaintMost viewed

4305 matches found

Saint
Saint
•added 2010/06/18 12:0 a.m.•119 views

HP Operations Manager hidden Tomcat account

Added: 06/18/2010 CVE: CVE-2009-3843 BID: 37086 OSVDB: 60317 Background HP Operations Manager is a consolidated event and performance management console that correlates infrastructure, network and end-user experience events across an IT infrastructure. Problem A hidden Apache Tomcat account allow...

10CVSS9.8AI score0.78968EPSS
Exploits12
Saint
Saint
•added 2010/06/15 12:0 a.m.•119 views

Windows Help and Support Center -FromHCP URL whitelist bypass

Added: 06/15/2010 CVE: CVE-2010-1885 BID: 40725 OSVDB: 65264 Background The Microsoft Windows Help and Support Center is a resource in Microsoft Windows operating systems for online help, support, tools, how-to articles, and other resources. Problem A vulnerability in Windows Help and Support...

9.3CVSS9.7AI score0.75458EPSS
Exploits11
Saint
Saint
•added 2008/12/04 12:0 a.m.•119 views

VLC media player TY file parse_master buffer overflow

Added: 12/04/2008 CVE: CVE-2008-4654 BID: 31813 OSVDB: 49181 Background VLC media player is a media player supporting various audio and video formats for multiple platforms. Problem A buffer overflow vulnerability in the parsemaster function in the Ty demux plugin allows command execution when a...

9.3CVSS6.8AI score0.57547EPSS
Exploits8
Saint
Saint
•added 2008/08/13 12:0 a.m.•118 views

CoolPlayer m3u playlist processing filename buffer overflow

Added: 08/13/2008 CVE: CVE-2008-3408 BID: 30418 OSVDB: 47194 Background CoolPlayer is a free audio player for Windows platforms. Problem A buffer overflow vulnerability in CoolPlayer allows command execution when a user opens an m3u playlist file containing a specially crafted filename. Resolutio...

6.8CVSS6.9AI score0.09665EPSS
Exploits5
Saint
Saint
•added 2026/01/26 12:0 a.m.•117 views

telnetd argument injection vulnerability

Added: 01/26/2026 Background The Telnet service allows remote users to authenticate to a system and use an interactive command shell. The Telnet service is implemented by the Telnet daemon, telnetd. Problem The telnetd program included in GNU Inetutils allows authentication to be bypassed with a ...

9.8CVSS5.9AI score0.98871EPSS
Exploits62
Saint
Saint
•added 2025/10/24 12:0 a.m.•117 views

BentoML runner server deserialization vulnerability

Added: 10/24/2025 CVE: CVE-2024-9070 Background BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Problem A deserialization vulnerability in the BentoML runner server allows remote attackers to execute arbitrary commands by sending a...

9.8CVSS9.8AI score0.00846EPSS
Exploits2
Saint
Saint
•added 2009/11/06 12:0 a.m.•117 views

HP Power Manager Remote Code Execution

Added: 11/06/2009 CVE: CVE-2009-2685 BID: 36933 OSVDB: 59684 Background HP Power Manager is a web-based application that enables administrators to manage an HP UPS from a browser-based management console. Problem A stack-based buffer overflow in the HP Power Manager management web server allows...

10CVSS7AI score0.76706EPSS
Exploits9
Saint
Saint
•added 2006/01/04 12:0 a.m.•117 views

IMail IMAP LOGIN special character vulnerability

Added: 01/04/2006 CVE: CVE-2005-1255 BID: 13727 OSVDB: 16804 Background IMail is a mail server for Windows platforms. It includes SMTP, POP, IMAP, and LDAP services, a web interface, and web calendaring. Problem A remote attacker could execute arbitrary commands by sending a long specially crafte...

10CVSS7.5AI score0.42813EPSS
Exploits6
Saint
Saint
•added 2026/01/23 12:0 a.m.•116 views

Oracle HTTP Server and Weblogic Proxy Plug-in vulnerability

Added: 01/23/2026 Background Oracle HTTP Server is the web server component for Oracle Fusion Middleware. Problem A vulnerability in Oracle HTTP Server and Weblogic Proxy Plug-in could allow a remote attacker to execute arbitrary commands by requesting a specially crafted path which allows...

6.2AI score
Exploits0
Saint
Saint
•added 2025/12/11 12:0 a.m.•116 views

React Server Components deserialization vulnerability

Added: 12/11/2025 Background React is a Javascript library for building user interfaces. React Server Components are React components designed for running on web servers. Problem A deserialization vulnerability in React Server Components allows a remote attacker to execute arbitrary commands by...

6.1AI score
Exploits0
Saint
Saint
•added 2021/02/25 12:0 a.m.•116 views

VMware VCenter Server file upload

Added: 02/25/2021 Background VMware VCenter Server is server management software for controlling VMware VSphere environments. Problem A vulnerability in VMware VCenter Server allows remote, unauthenticated attackers to upload files to arbitrary locations on the server, leading to command executio...

8AI score
Exploits0
Saint
Saint
•added 2020/03/24 12:0 a.m.•116 views

netkit telnetd nextitem vulnerability

Added: 03/24/2020 Background netkit telnetd is a server implementation of the Telnet protocol which comes with many Linux and Unix operating systems. Problem An unbounded read and write condition in the nextitem function allows remote attackers to execute arbitrary commands on the server...

8.3AI score
Exploits0
Saint
Saint
•added 2019/08/26 12:0 a.m.•116 views

Webmin password_change.cgi backdoor

Added: 08/26/2019 Background Webmin is a web-based interface for system administration of Unix systems. The Webmin web server listens by default on port 10000/tcp. Problem A backdoor in Webmin allows a remote attacker to execute arbitrary commands by sending a POST request for passwordchange.cgi...

1.3AI score
Exploits0
Saint
Saint
•added 2017/02/16 12:0 a.m.•116 views

HP Smart Storage Administrator command injection

Added: 02/16/2017 CVE: CVE-2016-8523 BID: 95868 Background HP Smart Storage Administrator HP SSA is a web-based application that helps an administrator configure, manage, diagnose, and monitor HP ProLiant Smart Array Controllers and other storage devices such as host bus adapters HBAs and HP...

9CVSS9.1AI score0.1704EPSS
Exploits8
Saint
Saint
•added 2023/03/22 12:0 a.m.•115 views

SugarCRM EmailTemplates PNG file upload

Added: 03/22/2023 Background SugarCRM is customer relationship management software written in PHP. Problem A vulnerability in the EmailTemplates module allows remote, unauthenticated attackers to execute arbitrary commands on the server by uploading a PNG image file containing embedded PHP code...

8.3AI score
Exploits0
Saint
Saint
•added 2021/08/27 12:0 a.m.•115 views

Sophos UTM Webadmin remote command execution

Added: 08/27/2021 Background Sophos UTM is a network security appliance. Problem A vulnerability in the Webadmin interface allows remote attackers to execute arbitrary commands by sending a specially crafted POST request. Resolution Upgrade to Sophos SG UTM v9.511 MR11, v9.607 MR7, or v9.705 MR5 ...

10CVSS9.9AI score0.96693EPSS
Exploits9
Saint
Saint
•added 2013/06/18 12:0 a.m.•115 views

Microsoft Office PNG File Handling Buffer Overflow

Added: 06/18/2013 CVE: CVE-2013-1331 BID: 60408 OSVDB: 94127 Background Microsoft Office is a package which provides word processing, spreadsheet, presentation, e-mail, and calendaring capabilities for Microsoft Windows workstations. Problem An error in Microsoft Office 2003 SP3 for Windows when...

9.3CVSS7.8AI score0.81877EPSS
Exploits4
Saint
Saint
•added 2013/06/03 12:0 a.m.•115 views

Internet Explorer VML Dashstyle Attributes Integer Overflow

Added: 06/03/2013 CVE: CVE-2013-2551 BID: 58570 OSVDB: 91197 Background Vector Markup Language VML is an XML-based format for vector graphics. Problem An integer overflow vulnerability in vml.dll when processing dashstyle attributes of certain VML elements in a web page allows arbitrary command...

9.3CVSS8.5AI score0.74096EPSS
Exploits9
Saint
Saint
•added 2012/07/03 12:0 a.m.•113 views

F5 BIG-IP SSH private key

Added: 07/03/2012 CVE: CVE-2012-1493 BID: 53897 OSVDB: 82780 Background SSH Private keys are used for authentication for many F5 BIG-IP devices. Devices shipped with a default, static key are vulnerable to compromise if the public discovers the key. The private key can be re-used by an attacker t...

7.8CVSS8.3AI score0.63078EPSS
Exploits15
Saint
Saint
•added 2010/09/20 12:0 a.m.•113 views

Windows SMB2 buffer overflow

Added: 09/20/2010 CVE: CVE-2009-3103 BID: 36299 OSVDB: 57799 Background SMB2 is the replacement protocol for the SMB Windows filesharing protocol. Problem A buffer overflow vulnerability in the SMB2 Service allows remote attackers to execute arbitrary commands. Resolution Apply the patch referenc...

10CVSS9.8AI score0.90121EPSS
Exploits20
Saint
Saint
•added 2026/03/25 12:0 a.m.•112 views

CraftCMS generate-transform command injection

Added: 03/25/2026 Background CraftCMS is a content management system written in PHP. Problem A vulnerability in CraftCMS allows remote attackers to inject arbitrary PHP code into the session file and then execute it using a specially crafted request to generate-transform. Resolution Upgrade to...

6.1AI score
Exploits0
Saint
Saint
•added 2024/08/20 12:0 a.m.•112 views

Apache HugeGraph Gremlin command injection

Added: 08/20/2024 Background Apache HugeGraph is a graph database. HugeGraph supports Gremlin, a graph traversal language. Problem A vulnerability in Apache HugeGraph allows remote attackers to bypass sandbox restrictions and execute arbitrary commands through Gremlin. Resolution Upgrade to...

8.3AI score
Exploits0
Saint
Saint
•added 2022/09/27 12:0 a.m.•112 views

Airspan AirSpot pingDiagnostic command injection

Added: 09/27/2022 Background Airspan AirSpot 5410 is an advanced, LTE, CAT12, outdoor, multi-service product specifically designed to meet data needs for residential, business and enterprise users. Problem A command injection vulnerability when diagnostics.cgi handles the pingDiagnostic command...

8.4AI score
Exploits0
Saint
Saint
•added 2014/09/26 12:0 a.m.•112 views

Bash environment variable code injection over HTTP

Added: 09/26/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. Problem The Bash shell executes commands injected after function definitions contained in environment variables. This could be used by a...

10CVSS10AI score0.99999EPSS
Exploits132
Saint
Saint
•added 2013/09/04 12:0 a.m.•112 views

Java Runtime Environment java.awt.image.IntegerComponentRaster buffer overflow

Added: 09/04/2013 CVE: CVE-2013-2471 BID: 60659 OSVDB: 94357 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...

10CVSS8.7AI score0.14749EPSS
Exploits4
Saint
Saint
•added 2012/05/30 12:0 a.m.•112 views

IBM Rational ClearQuest CQOle ActiveX

Added: 05/30/2012 CVE: CVE-2012-0708 BID: 53170 OSVDB: 81443 Background Rational ClearQuest is an enterprise workflow automation tool. It functions as a bug tracking tool and can act as a CRM or process tracker. Problem The ClearQuest web client installs ActiveX modules on the client system. Thes...

9.3CVSS6.4AI score0.3095EPSS
Exploits10
Saint
Saint
•added 2008/03/12 12:0 a.m.•112 views

Microsoft Office Web Components OWC.Spreadsheet.9 ActiveX Control overflow

Added: 03/12/2008 CVE: CVE-2006-4695 BID: 28135 OSVDB: 42711 Background Microsoft Office Web Components OWC are a group of OLE classes implemented as ActiveX controls. Problem A buffer overflow vulnerability in the OWC.Spreadsheet.9 ActiveX control allows command execution when a user loads a web...

9.3CVSS6.7AI score0.4014EPSS
Exploits6
Saint
Saint
•added 2006/07/18 12:0 a.m.•112 views

ntdll.dll buffer overflow via IIS 5.0 WebDAV

Added: 07/18/2006 CVE: CVE-2003-0109 BID: 7116 OSVDB: 4467 Background The dynamic link library ntdll.dll is a core component of the Windows operating system. It is used by many operating system components including the WebDAV component of Microsoft IIS. Problem A buffer overflow in ntdll.dll allo...

7.5CVSS7.7AI score0.86396EPSS
Exploits13
Saint
Saint
•added 2017/04/26 12:0 a.m.•111 views

Windows SMBv1 Remote Command Execution

Added: 04/26/2017 CVE: CVE-2017-0143 BID: 96703 Background Server Message Block SMB is the protocol used by Microsoft Windows computers to communicate over a network. SMBv1 was the first version of this protocol and is still supported by modern Windows versions. Problem A vulnerability in the...

9.3CVSS9AI score0.93307EPSS
Exploits47
Saint
Saint
•added 2012/06/29 12:0 a.m.•111 views

Adobe Flash Player Object Confusion Code Execution

Added: 06/29/2012 CVE: CVE-2012-0779 BID: 53395 OSVDB: 81656 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem Adobe Flash Player 11.2.202.233 and earlier on Windows is vulnerable to an "object confusion" vulnerability. A remote...

9.3CVSS7.7AI score0.85698EPSS
Exploits10
Saint
Saint
•added 2008/07/23 12:0 a.m.•111 views

Sun Java Web Start JNLP file j2se element heap-size buffer overflow

Added: 07/23/2008 CVE: CVE-2008-3111 BID: 30148 OSVDB: 46959 Background Sun Java Web Start allows standalone Java applications, called JNLP files, to be executed by the Java Runtime Environment JRE. Problem A buffer overflow vulnerability in Sun Java Web Start allows command execution when the us...

10CVSS8.9AI score0.04267EPSS
Exploits4
Saint
Saint
•added 2024/07/10 12:0 a.m.•110 views

Rejetto HTTP File Server template injection

Added: 07/10/2024 Background Rejetto HTTP File Server is a web-based file system application. Problem A template injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted GET request. Resolution Upgrade to a version higher than HTTP File Server H...

8.6AI score
Exploits0
Saint
Saint
•added 2017/07/13 12:0 a.m.•110 views

Windows SMB PsImpersonateClient null token vulnerability

Added: 07/13/2017 CVE: CVE-2017-0144 BID: 96704 Background Server Message Block SMB is the protocol used by Microsoft Windows computers to communicate over a network. Problem A remote attacker can execute arbitrary commands with SYSTEM privileges by overwriting the token to a null value and forci...

9.3CVSS9.1AI score0.9923EPSS
Exploits55
Saint
Saint
•added 2010/04/22 12:0 a.m.•110 views

Java Runtime Environment Soundbank Resource Name Stack Buffer Overflow

Added: 04/22/2010 CVE: CVE-2010-0839 BID: 39070 OSVDB: 63494 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The JRE Java programming class library contains the Java Sound Application Interface API t...

7.5CVSS9.6AI score0.03538EPSS
Exploits4
Saint
Saint
•added 2016/01/25 12:0 a.m.•109 views

FortiOS Fortimanager_Access SSH account backdoor

Added: 01/25/2016 CVE: CVE-2016-1909 Background FortiOS is the operating system used by FortiGate network security appliances. Problem An undocumented account can be used to gain unauthorized access to the appliance. Resolution Upgrade to FortiOS 4.1.11, 4.2.16, 4.3.17, 5.0.8, 5.2.0, 5.4.0, or...

10CVSS9.6AI score0.71268EPSS
Exploits8
Saint
Saint
•added 2015/12/14 12:0 a.m.•109 views

ABRT/sosreport privilege elevation

Added: 12/14/2015 CVE: CVE-2015-5287 Background The Automatic Bug Reporting Tool ABRT is an application that runs as a daemon on some Linux systems. ABRT collects relevant crash data when another application crashes and can report it to a relevant issue tracker for analysis. After saving some...

6.9CVSS6.4AI score0.03268EPSS
Exploits17
Saint
Saint
•added 2013/03/04 12:0 a.m.•109 views

Java MBeanInstantiator findClass and Introspector Sandbox Escape

Added: 03/04/2013 CVE: CVE-2013-0431 BID: 57726 OSVDB: 89613 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

5.3CVSS9.8AI score0.89987EPSS
Exploits8
Saint
Saint
•added 2008/01/15 12:0 a.m.•109 views

Novell GroupWise Client IMG SRC buffer overflow

Added: 01/15/2008 CVE: CVE-2007-6435 BID: 26875 OSVDB: 40870 Background Novell GroupWise is an e-mail and collaboration product suite. Problem A buffer overflow vulnerability in the GroupWise client allows command execution when a user replies to or forwards a message containing an IMG tag with a...

9.3CVSS6.9AI score0.06588EPSS
Exploits5
Saint
Saint
•added 2025/07/02 12:0 a.m.•108 views

WingFTP username null byte command execution

Added: 07/02/2025 Background Wing FTP Server is free FTP server software for Windows, Linux, and Mac OS. Problem A command injection vulnerability allows a remote unauthenticated attacker to execute arbitrary commands by sending a username with a null byte in a login request. Resolution Upgrade t...

8.8AI score
Exploits0
Saint
Saint
•added 2024/06/27 12:0 a.m.•108 views

GeoServer JAI-EXT extension command injection

Added: 06/27/2024 Background GeoServer is an open source server for sharing geospatial data. Java Advanced Imaging JAI is an API which provides a set of high level objects for the image processing. JAI-EXT is an open source project which extends the JAI API. Jiffle is a map algebra language...

8AI score
Exploits0
Saint
Saint
•added 2021/06/23 12:0 a.m.•108 views

WebSVN search command execution

Added: 06/23/2021 Background WebSVN is a web interface for Subversion repositories. Problem A command injection vulnerability allows remote unauthenticated attackers to execute arbitrary commands by sending a specially crafted search request. Resolution Upgrade to WebSVN 2.6.1 or higher. Referenc...

10CVSS10AI score0.86716EPSS
Exploits9
Saint
Saint
•added 2021/01/08 12:0 a.m.•108 views

Solaris SunSSH libpam buffer overflow

Added: 01/08/2021 Background SunSSH is a fork of OpenSSH for Solaris. It provides remote login capability on Solaris platforms. Problem A buffer overflow vulnerability in libpam could allow a remote attacker to execute arbitrary commands by sending a specially crafted authentication request to...

1.8AI score
Exploits0
Saint
Saint
•added 2019/09/27 12:0 a.m.•108 views

vBulletin remote command execution via the widgetConfig[code] parameter

Added: 09/27/2019 Background vBulletin is a commercial web bulletin board application written in PHP using MySQL. Problem vBulletin allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request. Resolution Upgrade vBulletin to version higher th...

3.8AI score
Exploits0
Saint
Saint
•added 2015/06/26 12:0 a.m.•109 views

Ubuntu overlayfs privilege elevation

Added: 06/26/2015 CVE: CVE-2015-1328 BID: 75206 Background Overlayfs is a type of file system for Linux which implements a union mount. Problem In Ubuntu, overlayfs fails to correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an...

7.8CVSS7.3AI score0.37679EPSS
Exploits22
Saint
Saint
•added 2014/11/05 12:0 a.m.•108 views

Bash Environment Variable Handling Shell Command Injection Via CUPS

Added: 11/05/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. CUPS is printing software for UNIX-like systems that allows a computer to act as a print server. Problem The Bash shell executes command...

10CVSS10AI score0.99999EPSS
Exploits132
Saint
Saint
•added 2010/09/17 12:0 a.m.•108 views

Adobe Reader CoolType.dll buffer overflow

Added: 09/17/2010 CVE: CVE-2010-2883 BID: 43057 OSVDB: 67849 Background Adobe Reader is free software for viewing PDF documents. Problem A buffer overflow in the CoolType.dll module allows command execution when a user opens a PDF document containing a long, specially crafted field in a SING tabl...

9.3CVSS7.7AI score0.82485EPSS
Exploits13
Saint
Saint
•added 2006/05/08 12:0 a.m.•108 views

Apache chunked encoding buffer overflow

Added: 05/08/2006 CVE: CVE-2002-0392 BID: 5033 OSVDB: 838 Background Apache web servers support chunked encoding, which is used by a web client to send data to the server in parts, or chunks. Problem A flaw in the calculation of the size of chunked encoding leads to a buffer overflow, allowing...

7.5CVSS6.6AI score0.95027EPSS
Exploits8
Saint
Saint
•added 2006/01/13 12:0 a.m.•108 views

Microsoft Exchange X-LINK2STATE buffer overflow

Added: 01/13/2006 CVE: CVE-2005-0560 BID: 13118 OSVDB: 15467 Background Microsoft Exchange is an e-mail server for Microsoft Windows operating systems. Problem A buffer overflow condition in the handling of the X-LINK2STATE extended verb could allow a remote attacker to execute arbitrary commands...

7.5CVSS7.3AI score0.69482EPSS
Exploits6
Saint
Saint
•added 2013/02/15 12:0 a.m.•107 views

Ruby on Rails XML Processor YAML Deserialization

Added: 02/15/2013 CVE: CVE-2013-0156 BID: 57187 OSVDB: 89026 Background Ruby on Rails is a full stack, Web application framework optimized for sustainable programming productivity, allowing writing sound code by favoring convention over configuration. Problem Ruby on Rails versions prior to 2.3.1...

7.5CVSS7.7AI score0.99449EPSS
Exploits21
Saint
Saint
•added 2011/11/23 12:0 a.m.•107 views

Microsoft SharePoint Office Document Load Balancer SOAP Vulnerability

Added: 11/23/2011 CVE: CVE-2010-3964 BID: 45264 OSVDB: 69817 Background Microsoft SharePoint is a web application platform that provides web content management and document management as an aid to collaboration among users. SharePoint's multi-purpose design allows for managing and provisioning of...

7.5CVSS7.1AI score0.93916EPSS
Exploits9
Total number of security vulnerabilities4305