WPAD Listener

Added: 09/30/2013 Background The LLMNR Local Link Multicast Name Resolution protocol is used to answer wpad requests sent by Microsoft Windows. A rogue WPAD server delivers a wpad.dat file to poisoned hosts forcing them to proxy web requests through the SAINT server. In addition, browsers are...

WPAD Listener

Added: 09/30/2013 Background The LLMNR Local Link Multicast Name Resolution protocol is used to answer wpad requests sent by Microsoft Windows. A rogue WPAD server delivers a wpad.dat file to poisoned hosts forcing them to proxy web requests through the SAINT server. In addition, browsers are...

Upgrade Attack

Added: 09/30/2013 Background The LLMNR Local Link Multicast Name Resolution protocol is used to answer wpad requests sent by Microsoft Windows. A rogue WPAD server delivers a wpad.dat file to poisoned hosts forcing them to proxy web requests through the SAINT server. In addition, HTTP requests ar...

WPAD Listener

Added: 09/30/2013 Background The LLMNR Local Link Multicast Name Resolution protocol is used to answer wpad requests sent by Microsoft Windows. A rogue WPAD server delivers a wpad.dat file to poisoned hosts forcing them to proxy web requests through the SAINT server. In addition, browsers are...

HP LoadRunner micWebAjax.dll ActiveX NotifyEvent Method Vulnerability

Added: 09/30/2013 CVE: CVE-2013-2368 BID: 61436 OSVDB: 95639 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the micWebAjax ActiveX control. Problem HP LoadRunner before 11.52 is vulnerable to remote code execution due to failure to sanitize user-suppli...

HP LoadRunner micWebAjax.dll ActiveX NotifyEvent Method Vulnerability

Added: 09/30/2013 CVE: CVE-2013-2368 BID: 61436 OSVDB: 95639 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the micWebAjax ActiveX control. Problem HP LoadRunner before 11.52 is vulnerable to remote code execution due to failure to sanitize user-suppli...

Upgrade Attack

Added: 09/30/2013 Background The LLMNR Local Link Multicast Name Resolution protocol is used to answer wpad requests sent by Microsoft Windows. A rogue WPAD server delivers a wpad.dat file to poisoned hosts forcing them to proxy web requests through the SAINT server. In addition, HTTP requests ar...

WPAD Listener

Added: 09/30/2013 Background The LLMNR Local Link Multicast Name Resolution protocol is used to answer wpad requests sent by Microsoft Windows. A rogue WPAD server delivers a wpad.dat file to poisoned hosts forcing them to proxy web requests through the SAINT server. In addition, browsers are...

HP LoadRunner micWebAjax.dll ActiveX NotifyEvent Method Vulnerability

Added: 09/30/2013 CVE: CVE-2013-2368 BID: 61436 OSVDB: 95639 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the micWebAjax ActiveX control. Problem HP LoadRunner before 11.52 is vulnerable to remote code execution due to failure to sanitize user-suppli...

Upgrade Attack

Added: 09/30/2013 Background The LLMNR Local Link Multicast Name Resolution protocol is used to answer wpad requests sent by Microsoft Windows. A rogue WPAD server delivers a wpad.dat file to poisoned hosts forcing them to proxy web requests through the SAINT server. In addition, HTTP requests ar...

Internet Explorer HTML Rendering Engine onLoseCapture Use-After-Free Vulnerability

Added: 09/25/2013 CVE: CVE-2013-3893 BID: 62453 OSVDB: 97380 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Microsoft Internet Explorer 6 through 11 contain a use-after-free vulnerability in the SetMouseCapture implementation in...

Internet Explorer HTML Rendering Engine onLoseCapture Use-After-Free Vulnerability

Added: 09/25/2013 CVE: CVE-2013-3893 BID: 62453 OSVDB: 97380 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Microsoft Internet Explorer 6 through 11 contain a use-after-free vulnerability in the SetMouseCapture implementation in...

Internet Explorer HTML Rendering Engine onLoseCapture Use-After-Free Vulnerability

Added: 09/25/2013 CVE: CVE-2013-3893 BID: 62453 OSVDB: 97380 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Microsoft Internet Explorer 6 through 11 contain a use-after-free vulnerability in the SetMouseCapture implementation in...

Internet Explorer HTML Rendering Engine onLoseCapture Use-After-Free Vulnerability

Added: 09/25/2013 CVE: CVE-2013-3893 BID: 62453 OSVDB: 97380 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Microsoft Internet Explorer 6 through 11 contain a use-after-free vulnerability in the SetMouseCapture implementation in...

HP LeftHand Virtual SAN Appliance hydra Ping Hostname Overflow

Added: 09/19/2013 CVE: CVE-2012-3285 BID: 57754 OSVDB: 89919 Background HP LeftHand Virtual SAN Appliance VSA software is a VMware certified SAN/storage device and virtual appliance that provides complete SAN functionality for VMware Infrastructure without external SAN hardware. Problem HP LeftHa...

HP LeftHand Virtual SAN Appliance hydra Ping Hostname Overflow

Added: 09/19/2013 CVE: CVE-2012-3285 BID: 57754 OSVDB: 89919 Background HP LeftHand Virtual SAN Appliance VSA software is a VMware certified SAN/storage device and virtual appliance that provides complete SAN functionality for VMware Infrastructure without external SAN hardware. Problem HP LeftHa...

HP LeftHand Virtual SAN Appliance hydra Ping Hostname Overflow

Added: 09/19/2013 CVE: CVE-2012-3285 BID: 57754 OSVDB: 89919 Background HP LeftHand Virtual SAN Appliance VSA software is a VMware certified SAN/storage device and virtual appliance that provides complete SAN functionality for VMware Infrastructure without external SAN hardware. Problem HP LeftHa...

HP LeftHand Virtual SAN Appliance hydra Ping Hostname Overflow

Added: 09/19/2013 CVE: CVE-2012-3285 BID: 57754 OSVDB: 89919 Background HP LeftHand Virtual SAN Appliance VSA software is a VMware certified SAN/storage device and virtual appliance that provides complete SAN functionality for VMware Infrastructure without external SAN hardware. Problem HP LeftHa...

Windows Crafted Theme File Handling Vulnerability

Added: 09/12/2013 CVE: CVE-2013-0810 BID: 62176 OSVDB: 97136 Background Microsoft Windows themes are a combination of personalization settings that change how the user's desktop looks and sounds. A theme could specify user settings such as the desktop background, window border color, sounds, and...

Windows Crafted Theme File Handling Vulnerability

Added: 09/12/2013 CVE: CVE-2013-0810 BID: 62176 OSVDB: 97136 Background Microsoft Windows themes are a combination of personalization settings that change how the user's desktop looks and sounds. A theme could specify user settings such as the desktop background, window border color, sounds, and...

Windows Crafted Theme File Handling Vulnerability

Added: 09/12/2013 CVE: CVE-2013-0810 BID: 62176 OSVDB: 97136 Background Microsoft Windows themes are a combination of personalization settings that change how the user's desktop looks and sounds. A theme could specify user settings such as the desktop background, window border color, sounds, and...

Windows Crafted Theme File Handling Vulnerability

Added: 09/12/2013 CVE: CVE-2013-0810 BID: 62176 OSVDB: 97136 Background Microsoft Windows themes are a combination of personalization settings that change how the user's desktop looks and sounds. A theme could specify user settings such as the desktop background, window border color, sounds, and...

HP System Management Homepage iprange Parameter Stack Buffer Overflow

Added: 09/09/2013 CVE: CVE-2013-2362 BID: 61337 OSVDB: 95489 Background HP System Management Homepage SMH is a web-based interface that consolidates the management of ProLiant and Integrity servers. Problem A stack buffer overflow vulnerability in HP SMH allows command execution when an attacker...

HP System Management Homepage iprange Parameter Stack Buffer Overflow

Added: 09/09/2013 CVE: CVE-2013-2362 BID: 61337 OSVDB: 95489 Background HP System Management Homepage SMH is a web-based interface that consolidates the management of ProLiant and Integrity servers. Problem A stack buffer overflow vulnerability in HP SMH allows command execution when an attacker...

HP System Management Homepage iprange Parameter Stack Buffer Overflow

Added: 09/09/2013 CVE: CVE-2013-2362 BID: 61337 OSVDB: 95489 Background HP System Management Homepage SMH is a web-based interface that consolidates the management of ProLiant and Integrity servers. Problem A stack buffer overflow vulnerability in HP SMH allows command execution when an attacker...

HP System Management Homepage iprange Parameter Stack Buffer Overflow

Added: 09/09/2013 CVE: CVE-2013-2362 BID: 61337 OSVDB: 95489 Background HP System Management Homepage SMH is a web-based interface that consolidates the management of ProLiant and Integrity servers. Problem A stack buffer overflow vulnerability in HP SMH allows command execution when an attacker...

Internet Explorer CFlatMarkupPointer Object Handling Use-after-free Vulnerability

Added: 09/05/2013 CVE: CVE-2013-3184 BID: 61668 OSVDB: 96182 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem A user-after-free vulnerability when handling the InsertImage command identifier of CFlatMarkupPointer objects in a web...

Internet Explorer CFlatMarkupPointer Object Handling Use-after-free Vulnerability

Added: 09/05/2013 CVE: CVE-2013-3184 BID: 61668 OSVDB: 96182 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem A user-after-free vulnerability when handling the InsertImage command identifier of CFlatMarkupPointer objects in a web...

Internet Explorer CFlatMarkupPointer Object Handling Use-after-free Vulnerability

Added: 09/05/2013 CVE: CVE-2013-3184 BID: 61668 OSVDB: 96182 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem A user-after-free vulnerability when handling the InsertImage command identifier of CFlatMarkupPointer objects in a web...

Internet Explorer CFlatMarkupPointer Object Handling Use-after-free Vulnerability

Added: 09/05/2013 CVE: CVE-2013-3184 BID: 61668 OSVDB: 96182 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem A user-after-free vulnerability when handling the InsertImage command identifier of CFlatMarkupPointer objects in a web...

Oracle Endeca Server createDataStore method command execution

Added: 09/04/2013 CVE: CVE-2013-3763 BID: 61217 OSVDB: 95269 Background Oracle Endeca Server is a hybrid search-analytical database. Problem A vulnerability in the controlSoapBinding service allows remote attackers to execute arbitrary commands by sending a request for the createDataStore method...

Java Runtime Environment java.awt.image.IntegerComponentRaster buffer overflow

Added: 09/04/2013 CVE: CVE-2013-2471 BID: 60659 OSVDB: 94357 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...

Java Runtime Environment java.awt.image.IntegerComponentRaster buffer overflow

Added: 09/04/2013 CVE: CVE-2013-2471 BID: 60659 OSVDB: 94357 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...

Java Runtime Environment java.awt.image.IntegerComponentRaster buffer overflow

Added: 09/04/2013 CVE: CVE-2013-2471 BID: 60659 OSVDB: 94357 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...

Oracle Endeca Server createDataStore method command execution

Added: 09/04/2013 CVE: CVE-2013-3763 BID: 61217 OSVDB: 95269 Background Oracle Endeca Server is a hybrid search-analytical database. Problem A vulnerability in the controlSoapBinding service allows remote attackers to execute arbitrary commands by sending a request for the createDataStore method...

Oracle Endeca Server createDataStore method command execution

Added: 09/04/2013 CVE: CVE-2013-3763 BID: 61217 OSVDB: 95269 Background Oracle Endeca Server is a hybrid search-analytical database. Problem A vulnerability in the controlSoapBinding service allows remote attackers to execute arbitrary commands by sending a request for the createDataStore method...

Java Runtime Environment java.awt.image.IntegerComponentRaster buffer overflow

Added: 09/04/2013 CVE: CVE-2013-2471 BID: 60659 OSVDB: 94357 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...

Oracle Endeca Server createDataStore method command execution

Added: 09/04/2013 CVE: CVE-2013-3763 BID: 61217 OSVDB: 95269 Background Oracle Endeca Server is a hybrid search-analytical database. Problem A vulnerability in the controlSoapBinding service allows remote attackers to execute arbitrary commands by sending a request for the createDataStore method...

Oracle Java Runtime Environment AWT storeImageArray Vulnerability

Added: 08/30/2013 CVE: CVE-2013-2465 BID: 60657 OSVDB: 94339 Background Java Runtime Environment JRE allows end users to run Java applications. Problem A buffer overflow vulnerability in the storeImageArray function of the Abstract Window Toolkit AWT library awt.dll allows command execution when ...

Oracle Java Runtime Environment AWT storeImageArray Vulnerability

Added: 08/30/2013 CVE: CVE-2013-2465 BID: 60657 OSVDB: 94339 Background Java Runtime Environment JRE allows end users to run Java applications. Problem A buffer overflow vulnerability in the storeImageArray function of the Abstract Window Toolkit AWT library awt.dll allows command execution when ...

Oracle Java Runtime Environment AWT storeImageArray Vulnerability

Added: 08/30/2013 CVE: CVE-2013-2465 BID: 60657 OSVDB: 94339 Background Java Runtime Environment JRE allows end users to run Java applications. Problem A buffer overflow vulnerability in the storeImageArray function of the Abstract Window Toolkit AWT library awt.dll allows command execution when ...

Oracle Java Runtime Environment AWT storeImageArray Vulnerability

Added: 08/30/2013 CVE: CVE-2013-2465 BID: 60657 OSVDB: 94339 Background Java Runtime Environment JRE allows end users to run Java applications. Problem A buffer overflow vulnerability in the storeImageArray function of the Abstract Window Toolkit AWT library awt.dll allows command execution when ...

HP LoadRunner lrFileIOService ActiveX Control WriteFileBinary Input Validation Error

Added: 08/29/2013 CVE: CVE-2013-2370 BID: 61441 OSVDB: 95640 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the lrFileIOService ActiveX control. Problem HP LoadRunner before 11.52 is vulnerable to remote code execution. The lrFileIOService ActiveX...

HP LoadRunner lrFileIOService ActiveX Control WriteFileBinary Input Validation Error

Added: 08/29/2013 CVE: CVE-2013-2370 BID: 61441 OSVDB: 95640 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the lrFileIOService ActiveX control. Problem HP LoadRunner before 11.52 is vulnerable to remote code execution. The lrFileIOService ActiveX...

HP LoadRunner lrFileIOService ActiveX Control WriteFileBinary Input Validation Error

Added: 08/29/2013 CVE: CVE-2013-2370 BID: 61441 OSVDB: 95640 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the lrFileIOService ActiveX control. Problem HP LoadRunner before 11.52 is vulnerable to remote code execution. The lrFileIOService ActiveX...

HP LoadRunner lrFileIOService ActiveX Control WriteFileBinary Input Validation Error

Added: 08/29/2013 CVE: CVE-2013-2370 BID: 61441 OSVDB: 95640 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the lrFileIOService ActiveX control. Problem HP LoadRunner before 11.52 is vulnerable to remote code execution. The lrFileIOService ActiveX...

Mozilla Firefox onreadystatechange Event Use After Free

Added: 08/22/2013 CVE: CVE-2013-1690 BID: 60778 OSVDB: 94584 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem A use-after-free vulnerability is triggered when handling onreadystatechange events and Event or Page reloads at t...

Mozilla Firefox onreadystatechange Event Use After Free

Added: 08/22/2013 CVE: CVE-2013-1690 BID: 60778 OSVDB: 94584 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem A use-after-free vulnerability is triggered when handling onreadystatechange events and Event or Page reloads at t...

Mozilla Firefox onreadystatechange Event Use After Free

Added: 08/22/2013 CVE: CVE-2013-1690 BID: 60778 OSVDB: 94584 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem A use-after-free vulnerability is triggered when handling onreadystatechange events and Event or Page reloads at t...

Mozilla Firefox onreadystatechange Event Use After Free

Added: 08/22/2013 CVE: CVE-2013-1690 BID: 60778 OSVDB: 94584 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem A use-after-free vulnerability is triggered when handling onreadystatechange events and Event or Page reloads at t...