Lucene search
K
SaintMost viewed

4305 matches found

Saint
Saint
•added 2009/10/13 12:0 a.m.•13 views

Google Apps googleapps.url.mailto handler command injection

Added: 10/13/2009 BID: 36581 Background Google Apps is a web-based productivity suite hosted by Google. Problem Google Apps handles googleapps.url.mailto URLs by passing the URL as a command-line argument to the googleapps.exe program without sufficiently validating the URL. This allows command...

7.2AI score
Exploits0
Saint
Saint
•added 2009/09/22 12:0 a.m.•13 views

Symantec Altiris eXpress NS SC Download ActiveX control vulnerability

Added: 09/22/2009 BID: 36346 OSVDB: 57893 Background The Altiris eXpress NS SC Download ActiveX control is installed with several products, including Altiris Deployment Solution. Problem The Altiris eXpress NS SC Download ActiveX control allows remote files to be downloaded, saved to arbitrary...

7.4AI score
Exploits0
Saint
Saint
•added 2009/06/04 12:0 a.m.•13 views

Find Metadata

Added: 06/04/2009 Background This tool searches the Internet for PDF and Microsoft Office files in the given domain, and extracts the metadata from those files. This metadata often contains the names or aliases of the document's authors or contributors, which can be used to guess valid e-mail...

1.7AI score
Exploits0
Saint
Saint
•added 2009/03/29 12:0 a.m.•13 views

SAP GUI SAPBExCommonResources ActiveX Command Execution

Added: 03/29/2009 Background The SAP GUI is the GUI client in SAP's 3-tier architecture of database, application server and client. The SAP GUI family is available for Windows, Java, and HTML/Internet Transaction Server ITS environment. SAP GUI for Windows registers the...

7.7AI score
Exploits0
Saint
Saint
•added 2009/01/20 12:0 a.m.•13 views

Upload command to Startup folder

Added: 01/20/2009 Background Each user's Startup folder on Windows systems contains programs which run at start-up time. This tool attempts to upload a command connection to a user's Startup folder. If successful, the connection will be established the next time the computer starts. Limitations A...

1.5AI score
Exploits0
Saint
Saint
•added 2008/12/19 12:0 a.m.•13 views

Visual FoxPro vfp6r.dll ActiveX Control DoCmd command execution

Added: 12/19/2008 CVE: CVE-2008-0236 BID: 27205 OSVDB: 40380 Background Visual FoxPro is a tool for developing database applications. Problem The vfp6r.dll ActiveX control allows command execution when a user opens a web page which uses the DoCmd method. Resolution Set the kill bit for class ID...

5.8CVSS6.4AI score0.17384EPSS
Exploits5
Saint
Saint
•added 2007/10/15 12:0 a.m.•13 views

Kodak Image Viewer TIFF image handling vulnerability

Added: 10/15/2007 CVE: CVE-2007-2217 BID: 25909 OSVDB: 37627 Background The Windows Kodak Image Viewer is a utility for rendering various image formats. It is included in Windows 2000, and may also be present on newer versions of Windows if a computer was upgraded from Windows 2000. Problem A...

9.3CVSS6.5AI score0.41415EPSS
Exploits7
Saint
Saint
•added 2007/08/03 12:0 a.m.•13 views

Windows rshd buffer overflow

Added: 08/03/2007 CVE: CVE-2007-4006 BID: 25044 OSVDB: 38572 Background The Windows implementation of RSHD is a remote shell daemon which has been adapted to run on Windows platforms. Problem A buffer overflow vulnerability in the Windows implementation of RSHD allows remote attackers to execute...

6.8CVSS7.6AI score0.34481EPSS
Exploits7
Saint
Saint
•added 2015/05/11 12:0 a.m.•12 views

iTunes .PLS Title buffer overflow

Added: 05/11/2015 Background iTunes is a free media player for multiple platforms. Problem A buffer overflow vulnerability in iTunes allows command execution when a .PLS file containing a specially crafted Title parameter is opened. Resolution Do not open untrusted .PLS files. References...

7.9AI score
Exploits0
Saint
Saint
•added 2011/01/26 12:0 a.m.•12 views

Freefloat FTP Server USER Command Buffer Overflow

Added: 01/26/2011 BID: 45181 OSVDB: 69621 Background Freefloat is a software series developed directly for handheld terminals. Freefloat FTP Server is a free FTP server for various versions of Windows including Windows CE/Pocket PC. Problem Freefloat FTP Server is vulnerable to a stack overflow a...

7.8AI score
Exploits0
Saint
Saint
•added 2011/01/10 12:0 a.m.•12 views

HP Photo Creations audio.Record ActiveX Stack Buffer Overflow

Added: 01/10/2011 BID: 45631 Background HP Photo Creations is free software that lets the user create photo books, calendars, collages, greeting cards and other keepsakes that can be printed or shipped to the user. HP Photo Creations installs and registers the audio.Record ActiveX control which...

7.8AI score
Exploits0
Saint
Saint
•added 2010/10/10 12:0 a.m.•12 views

Reverse Shell Applet

Added: 10/10/2010 Background This tool runs an exploit server which delivers a signed java applet, embedded in an HTML page, to the target hosts. The user is presented with a signed digital certificate which, when accepted, establishes a reverse shell connection back to the exploit server. Proble...

0.9AI score
Exploits0
Saint
Saint
•added 2010/08/16 12:0 a.m.•12 views

Novell iPrint Client ActiveX Control ExecuteRequest debug buffer overflow

Added: 08/16/2010 BID: 42100 OSVDB: 66960 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named ienipp.ocx. Problem A buffer overflow vulnerability in ienipp.ocx allows command execution...

7.8AI score
Exploits0
Saint
Saint
•added 2010/03/22 12:0 a.m.•12 views

Open and Compact FTP Server Long Password Buffer Overflow

Added: 03/22/2010 Background Open and Compact FTP Server Open-FTPD is a Windows-based compact FTP server. Problem A buffer overflow vulnerability allows command execution as a result of an overly long password. Resolution Upgrade to a version newer than 1.2 when it becomes available, or use a...

8AI score
Exploits0
Saint
Saint
•added 2010/01/28 12:0 a.m.•12 views

PHP Remote File Inclusion

Added: 01/28/2010 Background PHP scripts support the include and require statements, which cause an outside script to be run within the calling script. The included script can be a local file or, in some configurations, the URL of a remote file. Problem The PHP script is vulnerable to a remote fi...

0.4AI score
Exploits0
Saint
Saint
•added 2009/05/11 12:0 a.m.•12 views

MySQL password weakness

Added: 05/11/2009 Background MySQL is an open-source database software package available for multiple platforms. Problem A MySQL database account has no password or an easily guessed password, allowing a remote attacker to make unauthorized queries. Resolution Set a strong password for all MySQL...

0.3AI score
Exploits0
Saint
Saint
•added 2009/03/10 12:0 a.m.•12 views

Winamp skin file MAKI script buffer overflow

Added: 03/10/2009 BID: 34009 Background Winamp is a media player for Windows. Problem A buffer overflow in Winamp allows command execution when a user opens a skin file containing a compiled MAKI script with a specially crafted string having an incorrect length field. Resolution Upgrade to Winamp...

0.6AI score
Exploits0
Saint
Saint
•added 2009/01/28 12:0 a.m.•12 views

E-mail attachment execution

Added: 01/28/2009 Background This tool sends an e-mail attachment which, when executed, establishes a command connection. Limitations This tool requires a user to execute the e-mail attachment in order to succeed. This tool requires the IP address of a working mail server which allows relaying of...

1.7AI score
Exploits0
Saint
Saint
•added 2009/01/20 12:0 a.m.•12 views

Upload command to Startup folder

Added: 01/20/2009 Background Each user's Startup folder on Windows systems contains programs which run at start-up time. This tool attempts to upload a command connection to a user's Startup folder. If successful, the connection will be established the next time the computer starts. Limitations A...

1.5AI score
Exploits0
Saint
Saint
•added 2009/01/20 12:0 a.m.•12 views

Upload command to Startup folder

Added: 01/20/2009 Background Each user's Startup folder on Windows systems contains programs which run at start-up time. This tool attempts to upload a command connection to a user's Startup folder. If successful, the connection will be established the next time the computer starts. Limitations A...

7.6AI score
Exploits0
Saint
Saint
•added 2008/11/25 12:0 a.m.•12 views

Disable Firewall

Added: 11/25/2008 Background This tool attempts to disable the firewall on the target. Limitations A connection to the target is required to run this tool. The connection requires root privileges on Unix and Linux targets. Platforms Windows / Linux / Unix...

3.2AI score
Exploits0
Saint
Saint
•added 2008/08/27 12:0 a.m.•12 views

CMailServer CMailCOM.dll MoveToFolder buffer overflow

Added: 08/27/2008 BID: 30098 OSVDB: 46750 Background CMailServer is a mail and web mail server. The CMailServer web interface includes the CMailCOM.dll component which provides several classes. Problem A buffer overflow vulnerability in the MoveToFolder method of the POP3 class in CMailCOM.dll...

8.6AI score
Exploits0
Saint
Saint
•added 2008/08/27 12:0 a.m.•12 views

CMailServer CMailCOM.dll MoveToFolder buffer overflow

Added: 08/27/2008 BID: 30098 OSVDB: 46750 Background CMailServer is a mail and web mail server. The CMailServer web interface includes the CMailCOM.dll component which provides several classes. Problem A buffer overflow vulnerability in the MoveToFolder method of the POP3 class in CMailCOM.dll...

8.6AI score
Exploits0
Saint
Saint
•added 2008/07/18 12:0 a.m.•12 views

Alt-N SecurityGateway username buffer overflow

Added: 07/18/2008 CVE: CVE-2008-4193 BID: 29457 OSVDB: 45854 Background Alt-N SecurityGateway is an e-mail spam firewall for Exchange and SMTP servers. Problem A buffer overflow vulnerability in the web administration interface allows remote attackers to execute arbitrary commands by sending an...

10CVSS7.8AI score0.74612EPSS
Exploits8
Saint
Saint
•added 2026/07/02 12:0 a.m.•11 views

Progress LoadMaster API command injection

Added: 07/02/2026 CVE: CVE-2026-8037 Background LoadMaster is delivery and security application with cloud-native, virtual and hardware load balancers. Problem A command injection vulnerability allows remote attackers to execute arbitrary code by sending a specially crafted API request. Resolutio...

9.8CVSS7.7AI score0.4343EPSS
Exploits3
Saint
Saint
•added 2010/12/10 12:0 a.m.•11 views

Disk Pulse Server GetServerInfo buffer overflow

Added: 12/10/2010 BID: 43919 Background Disk Pulse is a disk change monitoring solution. Problem A buffer overflow vulnerability in Disk Pulse Server allows remote attackers to execute arbitrary commands by sending a specially crafted GetServerInfo request to port 9120/TCP. Resolution Upgrade to ...

8.7AI score
Exploits0
Saint
Saint
•added 2010/10/11 12:0 a.m.•11 views

Novell iManager getMultiPartParameters file upload vulnerability

Added: 10/11/2010 BID: 43635 OSVDB: 68320 Background Novell iManager is a web-based management interface for other Novell products. Problem The getMultiPartParameters function in the nps.jar web application in Novell iManager allows remote attackers to upload arbitrary files to the server. By...

7.8AI score
Exploits0
Saint
Saint
•added 2009/10/01 12:0 a.m.•11 views

ProFTP welcome message buffer overflow

Added: 10/01/2009 BID: 36128 OSVDB: 57394 Background Labtam ProFTP is an FTP client program for Microsoft Windows. Problem A buffer overflow vulnerability allows command execution when a user connects to an FTP server which sends a specially crafted welcome message. Resolution Apply a fix from th...

7.8AI score
Exploits0
Saint
Saint
•added 2009/09/30 12:0 a.m.•11 views

Click Logger

Added: 09/30/2009 Background This tool runs an exploit server which simply returns an error page and logs which users visited it. It can be used to find out which users were susceptible to clicking on the link in an e-mail message. Limitations The target must be present in the license key but is...

1.9AI score
Exploits0
Saint
Saint
•added 2009/09/30 12:0 a.m.•11 views

Click Logger

Added: 09/30/2009 Background This tool runs an exploit server which simply returns an error page and logs which users visited it. It can be used to find out which users were susceptible to clicking on the link in an e-mail message. Limitations The target must be present in the license key but is...

1.9AI score
Exploits0
Saint
Saint
•added 2009/09/17 12:0 a.m.•12 views

ACDSee TIFF file handling buffer overflow

Added: 09/17/2009 BID: 35175 OSVDB: 54822 Background ACDSee is a suite of products for viewing and organizing photos. Problem A buffer overflow vulnerability allows command execution when a user opens a specially crafted TIFF file. Resolution Apply a fix when available. If a fix is not available,...

0.6AI score
Exploits0
Saint
Saint
•added 2009/09/17 12:0 a.m.•11 views

ACDSee TIFF file handling buffer overflow

Added: 09/17/2009 BID: 35175 OSVDB: 54822 Background ACDSee is a suite of products for viewing and organizing photos. Problem A buffer overflow vulnerability allows command execution when a user opens a specially crafted TIFF file. Resolution Apply a fix when available. If a fix is not available,...

7.8AI score
Exploits0
Saint
Saint
•added 2009/01/30 12:0 a.m.•11 views

Microsoft Office OCX ActiveX controls OpenWebFile program execution

Added: 01/30/2009 BID: 33243 Background Microsoft Office OCX is a suite of ActiveX document containers to create, open, edit, and print Microsoft Office files. Problem A vulnerability in multiple Office OCX ActiveX controls allows a web page to execute remote programs using the OpenWebFile method...

7.5AI score
Exploits0
Saint
Saint
•added 2006/03/01 12:0 a.m.•11 views

MDaemon IMAP AUTHENTICATE command buffer overflow

Added: 03/01/2006 BID: 14317 OSVDB: 18069 Background MDaemon is an e-mail server for Windows. Problem The IMAP service in MDaemon is affected by buffer overflow vulnerabilities in the AUTHENTICATE LOGIN and AUTHENTICATE CRAM-MD5 commands which can be exploited without logging into the server...

1.1AI score
Exploits0
Saint
Saint
•added 2006/03/01 12:0 a.m.•11 views

MDaemon IMAP AUTHENTICATE command buffer overflow

Added: 03/01/2006 BID: 14317 OSVDB: 18069 Background MDaemon is an e-mail server for Windows. Problem The IMAP service in MDaemon is affected by buffer overflow vulnerabilities in the AUTHENTICATE LOGIN and AUTHENTICATE CRAM-MD5 commands which can be exploited without logging into the server...

8.1AI score
Exploits0
Saint
Saint
•added 2011/01/04 12:0 a.m.•10 views

SQL injection authentication bypass

Added: 01/04/2011 Background Structured Query Language SQL is the most common language understood by modern relational databases. Problem A web program uses input parameters within an SQL query in an unsafe manner. This could allow a remote attacker to manipulate the authentication query via a...

8.5AI score
Exploits0
Saint
Saint
•added 2009/10/30 12:0 a.m.•10 views

Novell eDirectory DHost module load buffer overflow

Added: 10/30/2009 BID: 36815 Background Novell eDirectory is a directory server which implements the LDAP protocol. eDirectory for Windows, Linux, and UNIX includes the DHost program, which runs under eDirectory and provides the functionality of the NetWare operating system. Problem A buffer...

8.7AI score
Exploits0
Saint
Saint
•added 2009/10/13 12:0 a.m.•10 views

Google Apps googleapps.url.mailto handler command injection

Added: 10/13/2009 BID: 36581 Background Google Apps is a web-based productivity suite hosted by Google. Problem Google Apps handles googleapps.url.mailto URLs by passing the URL as a command-line argument to the googleapps.exe program without sufficiently validating the URL. This allows command...

7.2AI score
Exploits0
Saint
Saint
•added 2009/10/01 12:0 a.m.•10 views

ProFTP welcome message buffer overflow

Added: 10/01/2009 BID: 36128 OSVDB: 57394 Background Labtam ProFTP is an FTP client program for Microsoft Windows. Problem A buffer overflow vulnerability allows command execution when a user connects to an FTP server which sends a specially crafted welcome message. Resolution Apply a fix from th...

0.1AI score
Exploits0
Saint
Saint
•added 2009/05/11 12:0 a.m.•10 views

MySQL password weakness

Added: 05/11/2009 Background MySQL is an open-source database software package available for multiple platforms. Problem A MySQL database account has no password or an easily guessed password, allowing a remote attacker to make unauthorized queries. Resolution Set a strong password for all MySQL...

8.2AI score
Exploits0
Saint
Saint
•added 2009/03/29 12:0 a.m.•10 views

SAP GUI SAPBExCommonResources ActiveX Command Execution

Added: 03/29/2009 Background The SAP GUI is the GUI client in SAP's 3-tier architecture of database, application server and client. The SAP GUI family is available for Windows, Java, and HTML/Internet Transaction Server ITS environment. SAP GUI for Windows registers the...

7.7AI score
Exploits0
Saint
Saint
•added 2009/03/18 12:0 a.m.•10 views

Download connection

Added: 03/18/2009 Background This tool allows you to download a file which, when executed, establishes a command connection. Limitations This tool requires a user to execute the downloaded file in order to succeed. The target field must be a licensed target but is unused. Platforms Windows Linux...

1.6AI score
Exploits0
Saint
Saint
•added 2008/11/25 12:0 a.m.•10 views

Disable Firewall

Added: 11/25/2008 Background This tool attempts to disable the firewall on the target. Limitations A connection to the target is required to run this tool. The connection requires root privileges on Unix and Linux targets. Platforms Windows / Linux / Unix...

3.2AI score
Exploits0
Saint
Saint
•added 2008/11/25 12:0 a.m.•10 views

Disable Firewall

Added: 11/25/2008 Background This tool attempts to disable the firewall on the target. Limitations A connection to the target is required to run this tool. The connection requires root privileges on Unix and Linux targets. Platforms Windows / Linux / Unix...

3.2AI score
Exploits0
Saint
Saint
•added 2009/09/17 12:0 a.m.•9 views

ACDSee TIFF file handling buffer overflow

Added: 09/17/2009 BID: 35175 OSVDB: 54822 Background ACDSee is a suite of products for viewing and organizing photos. Problem A buffer overflow vulnerability allows command execution when a user opens a specially crafted TIFF file. Resolution Apply a fix when available. If a fix is not available,...

7.8AI score
Exploits0
Saint
Saint
•added 2009/06/04 12:0 a.m.•9 views

Find Metadata

Added: 06/04/2009 Background This tool searches the Internet for PDF and Microsoft Office files in the given domain, and extracts the metadata from those files. This metadata often contains the names or aliases of the document's authors or contributors, which can be used to guess valid e-mail...

1.7AI score
Exploits0
Saint
Saint
•added 2009/03/05 12:0 a.m.•9 views

Keystroke Logger

Added: 03/05/2009 Background This tool records all keystrokes which are typed at a computer's console. The keystrokes can be viewed in the exploit server's log. Limitations Logger works on Windows targets. A connection to the target is required to run this tool. Platforms Windows...

2.1AI score
Exploits0
Saint
Saint
•added 2009/01/20 12:0 a.m.•9 views

Upload command to Startup folder

Added: 01/20/2009 Background Each user's Startup folder on Windows systems contains programs which run at start-up time. This tool attempts to upload a command connection to a user's Startup folder. If successful, the connection will be established the next time the computer starts. Limitations A...

7.6AI score
Exploits0
Saint
Saint
•added 2009/01/09 12:0 a.m.•9 views

Read passwords stored in web browser

Added: 01/09/2009 Background This tool attempts to retrieve web site passwords which have been stored by Internet Explorer. Limitations A connection to the target is required to run this tool. Due to the encryption algorithm used by Internet Explorer, this tool can only retrieve passwords which...

0.6AI score
Exploits0
Saint
Saint
•added 2008/09/24 12:0 a.m.•9 views

Find e-mail addresses

Added: 09/24/2008 Background E-mail addresses in a given domain can often be found using publicly available information such as Internet search engines, network registrars, and public key servers. This tool attempts to provide a list of e-mail addresses using these resources. Limitations Many...

2.3AI score
Exploits0
Total number of security vulnerabilities4305