Lucene search
K
SaintMost viewed

4305 matches found

Saint
Saint
•added 2014/12/31 12:0 a.m.•18 views

Liferay Portal Apache Felix command injection

Added: 12/31/2014 OSVDB: 116510 Background Liferay Portal is an enterprise web platform for building business solutions. Apache Felix is an implementation of the OSGi Framework and Service platform. Problem Liferay Portal is affected by a vulnerability which could allow remote attackers to execut...

8.3AI score
Exploits0
Saint
Saint
•added 2014/09/16 12:0 a.m.•18 views

ALCASAR index.php Crafted HTTP host Header Vulnerability

Added: 09/16/2014 BID: 69662 OSVDB: 111026 Background ALCASAR is a free Network Access Controller that allows network managers to restrict Internet service access to authenticated users. ALCASAR allows control and logging of all network activity by users and/or defined user groups. Problem ALCASA...

1.8AI score
Exploits0
Saint
Saint
•added 2013/08/20 12:0 a.m.•18 views

HP LeftHand Virtual SAN Appliance Hydra Service Login Buffer Overflow

Added: 08/20/2013 CVE: CVE-2013-2343 BID: 60884 OSVDB: 94701 Background HP LeftHand Virtual SAN Appliance VSA software is a VMware certified SAN/storage device and virtual appliance that provides complete SAN functionality for VMware Infrastructure without external SAN hardware. Problem HP LeftHa...

10CVSS7.9AI score0.61813EPSS
Exploits8
Saint
Saint
•added 2013/07/03 12:0 a.m.•18 views

SAP NetWeaver SOAP RFC SXPG_COMMAND_EXECUTE Command Execution

Added: 07/03/2013 BID: 55084 OSVDB: 93536 Background SAP NetWeaver is a technology platform for building and integrating SAP business applications. Remote Function Call RFC is the standard SAP interface for communication between SAP systems. Transaction SM69 is used to create and maintain externa...

8.2AI score
Exploits0
Saint
Saint
•added 2013/01/23 12:0 a.m.•18 views

Nagios XI Graph Explorer Component OS Command Injection Vulnerability

Added: 01/23/2013 BID: 54263 OSVDB: 83552 Background Nagios XI is a network host and service monitoring and management system. Problem Nagios XI Graph Explorer Component is vulnerable to arbitrary command execution by authenticated users. The vulnerability is due to the visApi.php script not...

7.4AI score
Exploits0
Saint
Saint
•added 2012/12/03 12:0 a.m.•18 views

Novell NetIQ Privileged User Manager Security Bypass

Added: 12/03/2012 BID: 56539 OSVDB: 87334 Background Novell NetIQ Privileged User Manager NPUM allows IT administrators to work on systems without exposing superuser administrator or supervisor passwords or root-account credentials to the administrator. Problem NetIQ Privileged User Manager 2.3.1...

0.6AI score
Exploits0
Saint
Saint
•added 2012/11/16 12:0 a.m.•18 views

SafeNet PrivAgent.ocx ActiveX control ChooseFilePath buffer overflow

Added: 11/16/2012 BID: 56297 OSVDB: 86723 Background SafeNet Hardware Against Software Piracy HASP solutions include the PrivAgent.ocx ActiveX control. Problem A buffer overflow vulnerability in the ChooseFilePath method of the PrivAgent.ocx ActiveX control allows command execution when a user...

7.8AI score
Exploits0
Saint
Saint
•added 2012/05/02 12:0 a.m.•18 views

FreePBX callmenum Remote Code Execution

Added: 05/02/2012 BID: 52630 OSVDB: 80544 Background FreePBX is an open source telephony front-end, which has an easy to use graphical user interface that controls and manages Asterisk. Problem FreePBX fails to properly sanitize user-supplied input passed to 'callmenum' parameter in...

7.8AI score
Exploits0
Saint
Saint
•added 2012/04/18 12:0 a.m.•18 views

Screen Capture

Added: 04/18/2012 Background This tool captures the screen of a remote target. Limitations An existing connection to the remote target is required. For Unix and Linux systems, the xwd utility must be present on the remote target. Platforms Windows Linux Unix...

1.8AI score
Exploits0
Saint
Saint
•added 2012/03/20 12:0 a.m.•18 views

CA Total Defense UNCWS exportReport SQL Injection

Added: 03/20/2012 OSVDB: 78930 Background CA Total Defense is a combined host-based anti-virus, anti-spyware, firewall, and IPS solution. Problem CA Total Defense includes a web service management component, which in version r12 prior to SE3, fails to validate certain parameters. The exportReport...

7.9AI score
Exploits0
Saint
Saint
•added 2012/03/19 12:0 a.m.•18 views

ASUS Net4Switch ipswcom.dll ActiveX Control Buffer Overflow

Added: 03/19/2012 BID: 52110 OSVDB: 79438 Background Asus manufactures computers, peripherals, computer components and network switches. Problem The Asus Net4Switch ipswcom.dll ActiveX component is vulnerable to buffer overflow as a result of failure to perform adequate boundary checks on...

7.8AI score
Exploits0
Saint
Saint
•added 2011/12/12 12:0 a.m.•18 views

VanDyke AbsoluteFTP FTP Client LIST Overflow

Added: 12/12/2011 BID: 50614 OSVDB: 77105 Background VanDyke AbsoluteFTP is a popular free FTP client. AbsoluteFTP was replaced by SecureFX in 1998, and support for AbsoluteFTP ended in 2007. Problem The AbsoluteFTP client contains a buffer overflow vulnerability when parsing file and directory...

7.8AI score
Exploits0
Saint
Saint
•added 2011/11/15 12:0 a.m.•18 views

Oracle Hyperion Financial Management ActiveX File Upload

Added: 11/15/2011 BID: 50476 Background Oracle Hyperion Financial Management is a web-based financial consolidation, reporting and analysis solution. Problem Hyperion Financial Management webapp installs an ActiveX control on the target system. This control is marked as safe for scripting and...

6.7AI score
Exploits0
Saint
Saint
•added 2011/07/14 12:0 a.m.•18 views

Crack OS X 10.7 Hashes

Added: 07/14/2011 Background This tool attempts to crack the passwords retreived by the "Mac OS X Hash grab" exploit tool. Acounts are cracked using dictionaries/Commonpwlong.txt Limitations An existing macosxhashgrab.out file must exist in the /exploits directory. Platforms Mac OS X...

0.3AI score
Exploits0
Saint
Saint
•added 2011/07/14 12:0 a.m.•18 views

Mac camera image capture

Added: 07/14/2011 Background This tool attempts to retrieve an image file captured by an iSight camera such as the one built into a MacBook. Limitations A connection to the target is required to run this tool. Platforms Mac OS X...

1AI score
Exploits0
Saint
Saint
•added 2011/03/17 12:0 a.m.•18 views

Cisco Security Agent Management Center Code Execution

Added: 03/17/2011 CVE: CVE-2011-0364 BID: 65436 OSVDB: 70884 Background Cisco Security Agent Management Center is the server component of Cisco's Security Agent endpoint IPS solution. It is responsible for collecting event log information from endpoints and distributing rules updates. Problem The...

10CVSS6.2AI score0.19617EPSS
Exploits9
Saint
Saint
•added 2011/02/24 12:0 a.m.•18 views

Citrix Provisioning Services streamprocess.exe Stack Overflow

Added: 02/24/2011 BID: 45914 OSVDB: 70597 Background Citrix Provisioning Services dynamically provisions virtual servers to simplify and streamline server management, while reducing software rollout risk. Problem Citrix Provisioning Service 5.6 and prior are vulnerable to a remotely exploitable...

7.8AI score
Exploits0
Saint
Saint
•added 2010/08/05 12:0 a.m.•18 views

Apple QuickTime Streaming Debug Error Logging Buffer Overflow

Added: 08/05/2010 BID: 41962 OSVDB: 66636 Background QuickTime is a media player for Windows and Mac OS platforms. Problem Apple QuickTime is vulnerable to a stack buffer overflow in QuickTimeStreaming.qtx when processing specially crafted SMIL files. The crafted SMIL files contain an invalid and...

0.3AI score
Exploits0
Saint
Saint
•added 2010/07/29 12:0 a.m.•18 views

Yahoo Messenger WScript.Shell ActiveX control command execution

Added: 07/29/2010 Background Yahoo! Messenger is an instant messaging application. It includes the WScript.Shell ActiveX control. Problem The Execute method of the WScript.Shell ActiveX control allows command execution when a malicious web page is loaded in Internet Explorer. Resolution Set the...

7.4AI score
Exploits0
Saint
Saint
•added 2010/05/10 12:0 a.m.•18 views

Novell ZENworks Configuration Management UploadServlet Remote Code Execution

Added: 05/10/2010 BID: 39114 OSVDB: 63412 Background Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a client/server...

Exploits0
Saint
Saint
•added 2010/02/22 12:0 a.m.•18 views

Xi Software Net Transport eDonkey Protocol Buffer Overflow

Added: 02/22/2010 OSVDB: 61435 Background Net Transport, also known as NetXfer, is a download manager for Windows made by Xi Software. Among the protocols Net Transport can handle is eDonkey, a decentrailized peer to peer network for file sharing. Problem The Net Transport download manager fails ...

0.5AI score
Exploits0
Saint
Saint
•added 2010/02/09 12:0 a.m.•18 views

BigAnt Messenger Server USV Command Buffer Overflow

Added: 02/09/2010 BID: 37520 OSVDB: 61386 Background BigAnt Messenger Server offers secure instant messaging, file transfer, voip, video chat, web conferencing and more. Problem BigAnt server version 2.52 and earlier are vulnerable to a remote, unauthenticated buffer overflow attack. The...

7.8AI score
Exploits0
Saint
Saint
•added 2010/01/29 12:0 a.m.•18 views

HP OpenView Storage Data Protector Cell Manager buffer overflow

Added: 01/29/2010 Background HP Data Protector is an automated data backup solution. Problem A buffer overflow vulnerability in HP OpenView Storage Data Protector allows remote attackers to execute arbitrary commands by sending a specially crafted request to the Cell Manager service. Resolution...

8.6AI score
Exploits0
Saint
Saint
•added 2010/01/22 12:0 a.m.•18 views

HP Power Manager formExportDataLogs buffer overflow

Added: 01/22/2010 CVE: CVE-2009-3999 BID: 37867 OSVDB: 61848 Background HP Power Manager is a web-based application that enables administrators to manage an HP UPS from a browser-based management console. Problem A buffer overflow vulnerability HP Power Manager allows remote attackers to execute...

10CVSS6.9AI score0.71807EPSS
Exploits11
Saint
Saint
•added 2009/12/10 12:0 a.m.•18 views

EasyMail SMTP ActiveX Control AddAttachment buffer overflow

Added: 12/10/2009 BID: 36440 OSVDB: 59939 Background QuikSoft EasyMail Objects is a set of ActiveX controls which provide e-mail functionality. QuikSoft EasyMail Objects is included with Oracle Document Capture among other products. Problem A stack buffer overflow vulnerability in the...

7.8AI score
Exploits0
Saint
Saint
•added 2009/12/07 12:0 a.m.•18 views

VideoLAN VLC Media Player MP4_BoxDumpStructure Buffer Overflow

Added: 12/07/2009 BID: 36439 OSVDB: 58217 Background VLC media player is a media player supporting various audio and video formats for multiple platforms. Problem A buffer overflow vulnerability exists in VideoLAN VLC media player due to an error when an overly deep box structure in ".mp4" files....

8.3AI score
Exploits0
Saint
Saint
•added 2009/11/13 12:0 a.m.•18 views

InterSystems Cache HTTP Stack Buffer Overflow

Added: 11/13/2009 Background InterSystems Cache is a high-performance object database that also enables rapid Web application development. Problem Intersystems Cache is vulnerable to a HTTP stack buffer overflow as a result of a specially crafted parameter to the UtilConfigHome.csp page. Resoluti...

7.7AI score
Exploits0
Saint
Saint
•added 2009/05/12 12:0 a.m.•18 views

Oracle Database password weakness

Added: 05/12/2009 Background Oracle Database is a relational database solution available for multiple platforms. Problem The Oracle Database service has accounts with default or easily guessed passwords, which could allow an attacker to make unauthorized SQL queries. Resolution Set a strong...

1.5AI score
Exploits0
Saint
Saint
•added 2009/05/11 12:0 a.m.•18 views

MySQL password weakness

Added: 05/11/2009 Background MySQL is an open-source database software package available for multiple platforms. Problem A MySQL database account has no password or an easily guessed password, allowing a remote attacker to make unauthorized queries. Resolution Set a strong password for all MySQL...

0.3AI score
Exploits0
Saint
Saint
•added 2008/08/13 12:0 a.m.•18 views

CoolPlayer m3u playlist processing filename buffer overflow

Added: 08/13/2008 CVE: CVE-2008-3408 BID: 30418 OSVDB: 47194 Background CoolPlayer is a free audio player for Windows platforms. Problem A buffer overflow vulnerability in CoolPlayer allows command execution when a user opens an m3u playlist file containing a specially crafted filename. Resolutio...

6.8CVSS6.9AI score0.09665EPSS
Exploits5
Saint
Saint
•added 2008/07/07 12:0 a.m.•18 views

Orbit Downloader URL Unicode conversion buffer overflow

Added: 07/07/2008 CVE: CVE-2008-1602 BID: 28541 OSVDB: 44036 Background Orbit Downloader is a download manager supporting various protocols. Problem A buffer overflow vulnerability during Unicode conversion in the download failure notification message allows command execution when Orbit Downloade...

10CVSS6.8AI score0.6749EPSS
Exploits10
Saint
Saint
•added 2008/06/16 12:0 a.m.•18 views

HP StorageWorks Storage Mirroring DoubleTake.exe encoded authentication overflow

Added: 06/16/2008 CVE: CVE-2008-1661 OSVDB: 45924 Background HP StorageWorks is a virtualized storage solution for mid-sized customers. Problem A buffer overflow vulnerability in the DoubleTake.exe process allows remote attackers to execute arbitrary commands by sending a long, specially crafted...

10CVSS7.9AI score0.68962EPSS
Exploits9
Saint
Saint
•added 2008/06/16 12:0 a.m.•18 views

HP StorageWorks Storage Mirroring DoubleTake.exe encoded authentication overflow

Added: 06/16/2008 CVE: CVE-2008-1661 OSVDB: 45924 Background HP StorageWorks is a virtualized storage solution for mid-sized customers. Problem A buffer overflow vulnerability in the DoubleTake.exe process allows remote attackers to execute arbitrary commands by sending a long, specially crafted...

10CVSS7.9AI score0.68962EPSS
Exploits9
Saint
Saint
•added 2008/05/15 12:0 a.m.•18 views

Motorola Timbuktu login request buffer overflow

Added: 05/15/2008 CVE: CVE-2007-4221 BID: 25454 OSVDB: 40124 Background Motorola Timbuktu is remote control software for Windows and Mac. It runs a service which listens for connections on port 407/TCP or 407/UDP. Problem A buffer overflow vulnerability when processing login requests allows remot...

10CVSS7.9AI score0.06264EPSS
Exploits4
Saint
Saint
•added 2008/02/04 12:0 a.m.•18 views

Winamp Ultravox streaming metadata artist tag buffer overflow

Added: 02/04/2008 CVE: CVE-2008-0065 BID: 27344 OSVDB: 41707 Background Winamp is a media player for Windows. Problem A buffer overflow vulnerability in the inmp3.dll library when parsing Ultravox streaming metadata allows command execution when a user opens a stream containing a long, specially...

10CVSS6.9AI score0.61275EPSS
Exploits8
Saint
Saint
•added 2007/11/23 12:0 a.m.•18 views

Microsoft Jet Engine MDB file ColumnName buffer overflow

Added: 11/23/2007 CVE: CVE-2007-6026 BID: 26468 OSVDB: 44880 Background The Microsoft Jet Database Engine provides data access functionality for a number of applications. Problem A buffer overflow vulnerability in the Microsoft Jet Database Engine could lead to command execution when a user opens...

9.3CVSS6.7AI score0.28268EPSS
Exploits6
Saint
Saint
•added 2007/08/03 12:0 a.m.•18 views

Windows rshd buffer overflow

Added: 08/03/2007 CVE: CVE-2007-4006 BID: 25044 OSVDB: 38572 Background The Windows implementation of RSHD is a remote shell daemon which has been adapted to run on Windows platforms. Problem A buffer overflow vulnerability in the Windows implementation of RSHD allows remote attackers to execute...

6.8CVSS7.6AI score0.34481EPSS
Exploits7
Saint
Saint
•added 2006/12/29 12:0 a.m.•18 views

NetMail IMAP APPEND command buffer overflow

Added: 12/29/2006 CVE: CVE-2006-6425 BID: 21723 OSVDB: 31362 Background Novell NetMail is an e-mail and calendaring server application. Problem A buffer overflow in the NetMail IMAP service allows remote, authenticated attackers to execute arbitrary commands by sending a long, specially crafted...

9CVSS7.7AI score0.58474EPSS
Exploits7
Saint
Saint
•added 2006/12/15 12:0 a.m.•18 views

AOL ICQ ActiveX DownloadAgent vulnerability

Added: 12/15/2006 CVE: CVE-2006-5650 BID: 20930 OSVDB: 30220 Background America Online AOL ICQ is a widely used program for communicating with other users on the Internet. Problem The ICQPhone.SipxPhoneManager ActiveX control, which is installed with ICQ, includes a function called DownloadAgent...

7.5CVSS7.2AI score0.66368EPSS
Exploits9
Saint
Saint
•added 2006/12/01 12:0 a.m.•18 views

MailEnable IMAP SELECT buffer overflow

Added: 12/01/2006 CVE: CVE-2006-6290 BID: 21362 OSVDB: 31698 Background MailEnable is a mail server supporting SMTP and POP3 for Windows platforms. MailEnable Professional and MailEnable Enterprise also include IMAP and HTTPMail services. Problem A buffer overflow vulnerability in the IMAP servic...

6.5CVSS7.5AI score0.03171EPSS
Exploits4
Saint
Saint
•added 2006/09/18 12:0 a.m.•18 views

Mercury Mail IMAP DELETE command buffer overflow

Added: 09/18/2006 CVE: CVE-2004-1211 BID: 11775 OSVDB: 12508 Background Mercury Mail Transport System is an e-mail server product for Windows and NetWare. Problem Buffer overflow vulnerabilities in the IMAP service allow authenticated attackers to execute arbitrary commands using long arguments t...

10CVSS7.5AI score0.72459EPSS
Exploits8
Saint
Saint
•added 2006/08/23 12:0 a.m.•18 views

Oracle Database string conversion buffer overflow

Added: 08/23/2006 BID: 10871 OSVDB: 9890 Background Oracle Database is a relational database product for multiple platforms. Problem The string conversion function in Oracle Database is affected by a buffer overflow vulnerability. A remote attacker could execute arbitrary commands by sending a lo...

8.2AI score
Exploits0
Saint
Saint
•added 2006/06/26 12:0 a.m.•18 views

MailEnable HTTPMail Authorization header buffer overflow

Added: 06/26/2006 CVE: CVE-2005-1348 BID: 13350 OSVDB: 15737 Background MailEnable is a mail server for Windows platforms. The standard edition supports the SMTP and POP3 protocols. MailEnable Professional and MailEnable Enterprise also support IMAP and HTTPMail. Problem MailEnable's HTTPMail...

7.5CVSS7.7AI score0.72622EPSS
Exploits6
Saint
Saint
•added 2006/02/24 12:0 a.m.•18 views

Safari archive metadata command execution

Added: 02/24/2006 CVE: CVE-2006-0848 BID: 16736 OSVDB: 23366 Background The Safari web browser supports explicit binding, which allows a file to override the default application for its file type. Safe files are files such as pictures, movies, and archives which are opened automatically when...

5.1CVSS6.3AI score0.58105EPSS
Exploits8
Saint
Saint
•added 2005/12/30 12:0 a.m.•18 views

Eudora WorldMail IMAP LIST command buffer overflow

Added: 12/30/2005 CVE: CVE-2005-4267 BID: 15980 OSVDB: 22097 Background Eudora WorldMail is an e-mail server for Windows. Problem A long IMAP command ending with a close brace character could result in a buffer overflow, leading to remote command execution. Resolution Upgrade to a version of Eudo...

7.5CVSS6.8AI score0.66803EPSS
Exploits10
Saint
Saint
•added 2005/11/30 12:0 a.m.•18 views

Oracle Enterprise Manager Agent buffer overflow

Added: 11/30/2005 CVE: CVE-2005-3460 BID: 15146 OSVDB: 20664 Background Oracle Application Server 10g includes the emagent.exe program which listens for connections on port 1830/TCP by default. Problem A buffer overflow vulnerability in emagent.exe could allow a remote attacker to execute arbitra...

10CVSS7.5AI score0.04145EPSS
Exploits4
Saint
Saint
•added 2015/08/13 12:0 a.m.•17 views

PCMan FTP Server PUT buffer overflow

Added: 08/13/2015 Background PCMan's FTP Server is a free FTP server for Windows. Problem A buffer overflow vulnerability in PCMan's FTP Server allows remote attackers to execute arbitrary commands. Resolution There is no known fix for this vulnerability. Use a different FTP server, or block acce...

1AI score
Exploits0
Saint
Saint
•added 2015/05/11 12:0 a.m.•17 views

iTunes .PLS Title buffer overflow

Added: 05/11/2015 Background iTunes is a free media player for multiple platforms. Problem A buffer overflow vulnerability in iTunes allows command execution when a .PLS file containing a specially crafted Title parameter is opened. Resolution Do not open untrusted .PLS files. References...

7.9AI score
Exploits0
Saint
Saint
•added 2014/09/16 12:0 a.m.•17 views

ALCASAR index.php Crafted HTTP host Header Vulnerability

Added: 09/16/2014 BID: 69662 OSVDB: 111026 Background ALCASAR is a free Network Access Controller that allows network managers to restrict Internet service access to authenticated users. ALCASAR allows control and logging of all network activity by users and/or defined user groups. Problem ALCASA...

8.1AI score
Exploits0
Saint
Saint
•added 2013/06/03 12:0 a.m.•17 views

SAP NetWeaver SOAP RFC SXPG_CALL_SYSTEM Command Execution

Added: 06/03/2013 OSVDB: 93537 Background SAP NetWeaver is a technology platform for building and integrating SAP business applications. Remote Function Call RFC is the standard SAP interface for communication between SAP systems. Transaction SM69 is used to create and maintain external operating...

7.6AI score
Exploits0
Total number of security vulnerabilities4305