Lucene search
K

4305 matches found

Saint
Saint
•added 2011/12/30 12:0 a.m.•16 views

Avaya WinPDM Unite Host Router service buffer overflow

Added: 12/30/2011 BID: 47947 OSVDB: 73269 Background Avaya Windows Portable Device Manager WinPDM is used for local administration and software download of various devices. Problem A buffer overflow vulnerability in Avaya WinPDM allows an attacker to execute arbitrary commands by sending a...

8.3AI score
Exploits0
Saint
Saint
•added 2011/12/28 12:0 a.m.•36 views

Hastymail rs parameter command injection

Added: 12/28/2011 CVE: CVE-2011-4542 BID: 50791 OSVDB: 77331 Background Hastymail is a fast, secure, rfc-compliant, cross-platform IMAP/SMTP client application written in PHP providing a clean web interface for sending and reading E-mail. Problem Hastymail2 fails to properly sanitize user-supplie...

7.5CVSS7.1AI score0.24119EPSS
Exploits9
Saint
Saint
•added 2011/12/28 12:0 a.m.•29 views

Hastymail rs parameter command injection

Added: 12/28/2011 CVE: CVE-2011-4542 BID: 50791 OSVDB: 77331 Background Hastymail is a fast, secure, rfc-compliant, cross-platform IMAP/SMTP client application written in PHP providing a clean web interface for sending and reading E-mail. Problem Hastymail2 fails to properly sanitize user-supplie...

7.5CVSS7.1AI score0.24119EPSS
Exploits9
Saint
Saint
•added 2011/12/28 12:0 a.m.•39 views

Hastymail rs parameter command injection

Added: 12/28/2011 CVE: CVE-2011-4542 BID: 50791 OSVDB: 77331 Background Hastymail is a fast, secure, rfc-compliant, cross-platform IMAP/SMTP client application written in PHP providing a clean web interface for sending and reading E-mail. Problem Hastymail2 fails to properly sanitize user-supplie...

7.5CVSS7.1AI score0.24119EPSS
Exploits9
Saint
Saint
•added 2011/12/28 12:0 a.m.•26 views

Hastymail rs parameter command injection

Added: 12/28/2011 CVE: CVE-2011-4542 BID: 50791 OSVDB: 77331 Background Hastymail is a fast, secure, rfc-compliant, cross-platform IMAP/SMTP client application written in PHP providing a clean web interface for sending and reading E-mail. Problem Hastymail2 fails to properly sanitize user-supplie...

7.5CVSS7.1AI score0.24119EPSS
Exploits9
Saint
Saint
•added 2011/12/27 12:0 a.m.•19 views

Traq authenticate function remote code execution

Added: 12/27/2011 BID: 50961 OSVDB: 77556 Background Traq is a PHP5+ and MySQL4+ based Project Tracking system with the ability to host multiple projects. Problem The flaw is caused due to admin rights not properly being restricted in the "authenticate" function in admincp/common.php. This can be...

0.8AI score
Exploits0
Saint
Saint
•added 2011/12/27 12:0 a.m.•22 views

Traq authenticate function remote code execution

Added: 12/27/2011 BID: 50961 OSVDB: 77556 Background Traq is a PHP5+ and MySQL4+ based Project Tracking system with the ability to host multiple projects. Problem The flaw is caused due to admin rights not properly being restricted in the "authenticate" function in admincp/common.php. This can be...

0.8AI score
Exploits0
Saint
Saint
•added 2011/12/27 12:0 a.m.•29 views

Traq authenticate function remote code execution

Added: 12/27/2011 BID: 50961 OSVDB: 77556 Background Traq is a PHP5+ and MySQL4+ based Project Tracking system with the ability to host multiple projects. Problem The flaw is caused due to admin rights not properly being restricted in the "authenticate" function in admincp/common.php. This can be...

7.8AI score
Exploits0
Saint
Saint
•added 2011/12/27 12:0 a.m.•17 views

Traq authenticate function remote code execution

Added: 12/27/2011 BID: 50961 OSVDB: 77556 Background Traq is a PHP5+ and MySQL4+ based Project Tracking system with the ability to host multiple projects. Problem The flaw is caused due to admin rights not properly being restricted in the "authenticate" function in admincp/common.php. This can be...

7.8AI score
Exploits0
Saint
Saint
•added 2011/12/23 12:0 a.m.•39 views

Microsys Promotic PmTrendViewer ActiveX Control SaveCfg Stack Buffer Overflow

Added: 12/23/2011 OSVDB: 76396 Background Microsys Promotic is a SCADA object software tool for creating applications that monitor, control and display technological processes in various industrial areas. Promotic includes support for a web interface designed for Microsoft Windows. Problem Micros...

8.1AI score
Exploits0
Saint
Saint
•added 2011/12/23 12:0 a.m.•40 views

Microsys Promotic PmTrendViewer ActiveX Control SaveCfg Stack Buffer Overflow

Added: 12/23/2011 OSVDB: 76396 Background Microsys Promotic is a SCADA object software tool for creating applications that monitor, control and display technological processes in various industrial areas. Promotic includes support for a web interface designed for Microsoft Windows. Problem Micros...

8.1AI score
Exploits0
Saint
Saint
•added 2011/12/23 12:0 a.m.•35 views

Microsys Promotic PmTrendViewer ActiveX Control SaveCfg Stack Buffer Overflow

Added: 12/23/2011 OSVDB: 76396 Background Microsys Promotic is a SCADA object software tool for creating applications that monitor, control and display technological processes in various industrial areas. Promotic includes support for a web interface designed for Microsoft Windows. Problem Micros...

8.1AI score
Exploits0
Saint
Saint
•added 2011/12/23 12:0 a.m.•30 views

Microsys Promotic PmTrendViewer ActiveX Control SaveCfg Stack Buffer Overflow

Added: 12/23/2011 OSVDB: 76396 Background Microsys Promotic is a SCADA object software tool for creating applications that monitor, control and display technological processes in various industrial areas. Promotic includes support for a web interface designed for Microsoft Windows. Problem Micros...

8.1AI score
Exploits0
Saint
Saint
•added 2011/12/23 12:0 a.m.•35 views

Novell iPrint Client ActiveX Control GetDriverSettings Stack Overflow

Added: 12/23/2011 CVE: CVE-2011-3173 BID: 50367 OSVDB: 76631 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Client ActiveX control named ienipp.ocx. Problem A buffer overflow vulnerability in the ActiveX contr...

9.3CVSS6.8AI score0.32951EPSS
Exploits13
Saint
Saint
•added 2011/12/23 12:0 a.m.•26 views

Novell iPrint Client ActiveX Control GetDriverSettings Stack Overflow

Added: 12/23/2011 CVE: CVE-2011-3173 BID: 50367 OSVDB: 76631 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Client ActiveX control named ienipp.ocx. Problem A buffer overflow vulnerability in the ActiveX contr...

7.5CVSS6.8AI score0.04831EPSS
Exploits4
Saint
Saint
•added 2011/12/23 12:0 a.m.•66 views

Novell iPrint Client ActiveX Control GetDriverSettings Stack Overflow

Added: 12/23/2011 CVE: CVE-2011-3173 BID: 50367 OSVDB: 76631 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Client ActiveX control named ienipp.ocx. Problem A buffer overflow vulnerability in the ActiveX contr...

9.3CVSS6.8AI score0.32951EPSS
Exploits13
Saint
Saint
•added 2011/12/23 12:0 a.m.•46 views

Novell iPrint Client ActiveX Control GetDriverSettings Stack Overflow

Added: 12/23/2011 CVE: CVE-2011-3173 BID: 50367 OSVDB: 76631 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Client ActiveX control named ienipp.ocx. Problem A buffer overflow vulnerability in the ActiveX contr...

7.5CVSS6.8AI score0.04831EPSS
Exploits4
Saint
Saint
•added 2011/12/21 12:0 a.m.•45 views

Adobe Reader U3D Heap Overflow

Added: 12/21/2011 CVE: CVE-2011-2462 BID: 50922 OSVDB: 77529 Background Adobe Reader is free software for viewing PDF documents. Problem A heap memory corruption vulnerability exists in Adobe Acrobat Reader. The vulnerability is due to an input validation error while parsing Universal 3D U3D file...

10CVSS9.9AI score0.86238EPSS
Exploits11
Saint
Saint
•added 2011/12/21 12:0 a.m.•39 views

Adobe Reader U3D Heap Overflow

Added: 12/21/2011 CVE: CVE-2011-2462 BID: 50922 OSVDB: 77529 Background Adobe Reader is free software for viewing PDF documents. Problem A heap memory corruption vulnerability exists in Adobe Acrobat Reader. The vulnerability is due to an input validation error while parsing Universal 3D U3D file...

10CVSS9.9AI score0.86238EPSS
Exploits11
Saint
Saint
•added 2011/12/21 12:0 a.m.•51 views

Adobe Reader U3D Heap Overflow

Added: 12/21/2011 CVE: CVE-2011-2462 BID: 50922 OSVDB: 77529 Background Adobe Reader is free software for viewing PDF documents. Problem A heap memory corruption vulnerability exists in Adobe Acrobat Reader. The vulnerability is due to an input validation error while parsing Universal 3D U3D file...

10CVSS10AI score0.86238EPSS
Exploits16
Saint
Saint
•added 2011/12/21 12:0 a.m.•53 views

Adobe Reader U3D Heap Overflow

Added: 12/21/2011 CVE: CVE-2011-2462 BID: 50922 OSVDB: 77529 Background Adobe Reader is free software for viewing PDF documents. Problem A heap memory corruption vulnerability exists in Adobe Acrobat Reader. The vulnerability is due to an input validation error while parsing Universal 3D U3D file...

10CVSS9.9AI score0.86238EPSS
Exploits16
Saint
Saint
•added 2011/12/16 12:0 a.m.•57 views

Smart Software Solutions CoDeSys Webserver URI Copying Stack Buffer Overflow

Added: 12/16/2011 CVE: CVE-2011-5007 BID: 50849 OSVDB: 77387 Background Smart Software Solutions GmbH 3S manufactures CoDeSys Web Server, a Supervisory Control and Data Acquisition/Human-Machine Interface SCADA/HMI product. The SCADA Web Server listens on TCP port 8080. Problem The CmpWebServer.d...

10CVSS7.2AI score0.72582EPSS
Exploits6
Saint
Saint
•added 2011/12/16 12:0 a.m.•83 views

Smart Software Solutions CoDeSys Webserver URI Copying Stack Buffer Overflow

Added: 12/16/2011 CVE: CVE-2011-5007 BID: 50849 OSVDB: 77387 Background Smart Software Solutions GmbH 3S manufactures CoDeSys Web Server, a Supervisory Control and Data Acquisition/Human-Machine Interface SCADA/HMI product. The SCADA Web Server listens on TCP port 8080. Problem The CmpWebServer.d...

10CVSS7.2AI score0.72582EPSS
Exploits6
Saint
Saint
•added 2011/12/16 12:0 a.m.•64 views

Smart Software Solutions CoDeSys Webserver URI Copying Stack Buffer Overflow

Added: 12/16/2011 CVE: CVE-2011-5007 BID: 50849 OSVDB: 77387 Background Smart Software Solutions GmbH 3S manufactures CoDeSys Web Server, a Supervisory Control and Data Acquisition/Human-Machine Interface SCADA/HMI product. The SCADA Web Server listens on TCP port 8080. Problem The CmpWebServer.d...

10CVSS7.3AI score0.72582EPSS
Exploits6
Saint
Saint
•added 2011/12/16 12:0 a.m.•66 views

Smart Software Solutions CoDeSys Webserver URI Copying Stack Buffer Overflow

Added: 12/16/2011 CVE: CVE-2011-5007 BID: 50849 OSVDB: 77387 Background Smart Software Solutions GmbH 3S manufactures CoDeSys Web Server, a Supervisory Control and Data Acquisition/Human-Machine Interface SCADA/HMI product. The SCADA Web Server listens on TCP port 8080. Problem The CmpWebServer.d...

10CVSS7.2AI score0.72582EPSS
Exploits6
Saint
Saint
•added 2011/12/12 12:0 a.m.•23 views

BroadWin WebAccess SCADA Client ActiveX Format String

Added: 12/12/2011 OSVDB: 74897 Background BroadWin WebAccess is a web-based SCADA reporting and control solution. Problem BroadWin WebAccess installs an ActiveX Control in the user's browser. The OcxSpool function of this control accepts a parameter that is evaluated using a format string. A form...

7.4AI score
Exploits0
Saint
Saint
•added 2011/12/12 12:0 a.m.•24 views

BroadWin WebAccess SCADA Client ActiveX Format String

Added: 12/12/2011 OSVDB: 74897 Background BroadWin WebAccess is a web-based SCADA reporting and control solution. Problem BroadWin WebAccess installs an ActiveX Control in the user's browser. The OcxSpool function of this control accepts a parameter that is evaluated using a format string. A form...

7.3AI score
Exploits0
Saint
Saint
•added 2011/12/12 12:0 a.m.•48 views

Iron Mountain Connected Backup Opcode 13 Processing Command Injection

Added: 12/12/2011 CVE: CVE-2011-2397 BID: 50884 OSVDB: 77495 Background Iron Mountain Connected Backup is a solution for automatic online backup and recovery for Microsoft Windows and Mac OS X. An agent is installed on each computer that is to be backed up. The agent listens by default on TCP por...

10CVSS7.4AI score0.05521EPSS
Exploits4
Saint
Saint
•added 2011/12/12 12:0 a.m.•26 views

VanDyke AbsoluteFTP FTP Client LIST Overflow

Added: 12/12/2011 BID: 50614 OSVDB: 77105 Background VanDyke AbsoluteFTP is a popular free FTP client. AbsoluteFTP was replaced by SecureFX in 1998, and support for AbsoluteFTP ended in 2007. Problem The AbsoluteFTP client contains a buffer overflow vulnerability when parsing file and directory...

0.4AI score
Exploits0
Saint
Saint
•added 2011/12/12 12:0 a.m.•30 views

Iron Mountain Connected Backup Opcode 13 Processing Command Injection

Added: 12/12/2011 CVE: CVE-2011-2397 BID: 50884 OSVDB: 77495 Background Iron Mountain Connected Backup is a solution for automatic online backup and recovery for Microsoft Windows and Mac OS X. An agent is installed on each computer that is to be backed up. The agent listens by default on TCP por...

10CVSS7.5AI score0.05521EPSS
Exploits4
Saint
Saint
•added 2011/12/12 12:0 a.m.•44 views

BroadWin WebAccess SCADA Client ActiveX Format String

Added: 12/12/2011 OSVDB: 74897 Background BroadWin WebAccess is a web-based SCADA reporting and control solution. Problem BroadWin WebAccess installs an ActiveX Control in the user's browser. The OcxSpool function of this control accepts a parameter that is evaluated using a format string. A form...

7.4AI score
Exploits0
Saint
Saint
•added 2011/12/12 12:0 a.m.•25 views

VanDyke AbsoluteFTP FTP Client LIST Overflow

Added: 12/12/2011 BID: 50614 OSVDB: 77105 Background VanDyke AbsoluteFTP is a popular free FTP client. AbsoluteFTP was replaced by SecureFX in 1998, and support for AbsoluteFTP ended in 2007. Problem The AbsoluteFTP client contains a buffer overflow vulnerability when parsing file and directory...

0.4AI score
Exploits0
Saint
Saint
•added 2011/12/12 12:0 a.m.•58 views

Iron Mountain Connected Backup Opcode 13 Processing Command Injection

Added: 12/12/2011 CVE: CVE-2011-2397 BID: 50884 OSVDB: 77495 Background Iron Mountain Connected Backup is a solution for automatic online backup and recovery for Microsoft Windows and Mac OS X. An agent is installed on each computer that is to be backed up. The agent listens by default on TCP por...

10CVSS7.4AI score0.05521EPSS
Exploits4
Saint
Saint
•added 2011/12/12 12:0 a.m.•19 views

BroadWin WebAccess SCADA Client ActiveX Format String

Added: 12/12/2011 OSVDB: 74897 Background BroadWin WebAccess is a web-based SCADA reporting and control solution. Problem BroadWin WebAccess installs an ActiveX Control in the user's browser. The OcxSpool function of this control accepts a parameter that is evaluated using a format string. A form...

7.3AI score
Exploits0
Saint
Saint
•added 2011/12/12 12:0 a.m.•19 views

VanDyke AbsoluteFTP FTP Client LIST Overflow

Added: 12/12/2011 BID: 50614 OSVDB: 77105 Background VanDyke AbsoluteFTP is a popular free FTP client. AbsoluteFTP was replaced by SecureFX in 1998, and support for AbsoluteFTP ended in 2007. Problem The AbsoluteFTP client contains a buffer overflow vulnerability when parsing file and directory...

7.8AI score
Exploits0
Saint
Saint
•added 2011/12/12 12:0 a.m.•62 views

Iron Mountain Connected Backup Opcode 13 Processing Command Injection

Added: 12/12/2011 CVE: CVE-2011-2397 BID: 50884 OSVDB: 77495 Background Iron Mountain Connected Backup is a solution for automatic online backup and recovery for Microsoft Windows and Mac OS X. An agent is installed on each computer that is to be backed up. The agent listens by default on TCP por...

10CVSS7.4AI score0.05521EPSS
Exploits4
Saint
Saint
•added 2011/12/12 12:0 a.m.•28 views

VanDyke AbsoluteFTP FTP Client LIST Overflow

Added: 12/12/2011 BID: 50614 OSVDB: 77105 Background VanDyke AbsoluteFTP is a popular free FTP client. AbsoluteFTP was replaced by SecureFX in 1998, and support for AbsoluteFTP ended in 2007. Problem The AbsoluteFTP client contains a buffer overflow vulnerability when parsing file and directory...

7.8AI score
Exploits0
Saint
Saint
•added 2011/12/09 12:0 a.m.•32 views

Trend Micro InterScan Web Security Suite Local Privilege Escalation

Added: 12/09/2011 BID: 50380 OSVDB: 76637 Background Trend Micro InterScan Web Security Suite is an application which dynamically defends against web-based attacks at the Internet gateway. Problem Trend Micro InterScan Web Security Suite is vulnerable to local privilege escalation vulnerability...

8.4AI score
Exploits0
Saint
Saint
•added 2011/12/09 12:0 a.m.•66 views

Trend Micro InterScan Web Security Suite Local Privilege Escalation

Added: 12/09/2011 BID: 50380 OSVDB: 76637 Background Trend Micro InterScan Web Security Suite is an application which dynamically defends against web-based attacks at the Internet gateway. Problem Trend Micro InterScan Web Security Suite is vulnerable to local privilege escalation vulnerability...

1.5AI score
Exploits0
Saint
Saint
•added 2011/12/09 12:0 a.m.•29 views

Trend Micro InterScan Web Security Suite Local Privilege Escalation

Added: 12/09/2011 BID: 50380 OSVDB: 76637 Background Trend Micro InterScan Web Security Suite is an application which dynamically defends against web-based attacks at the Internet gateway. Problem Trend Micro InterScan Web Security Suite is vulnerable to local privilege escalation vulnerability...

1.5AI score
Exploits0
Saint
Saint
•added 2011/12/09 12:0 a.m.•25 views

Trend Micro InterScan Web Security Suite Local Privilege Escalation

Added: 12/09/2011 BID: 50380 OSVDB: 76637 Background Trend Micro InterScan Web Security Suite is an application which dynamically defends against web-based attacks at the Internet gateway. Problem Trend Micro InterScan Web Security Suite is vulnerable to local privilege escalation vulnerability...

8.4AI score
Exploits0
Saint
Saint
•added 2011/12/05 12:0 a.m.•35 views

Cytel Studio CY3 File Processing Buffer Overflow

Added: 12/05/2011 BID: 49924 OSVDB: 75991 Background Cytel Inc. provides clinical trial design services and specialized statistical applications primarily for the biotech and pharmaceutical research markets. StatXact is a statistical software package based on the exact branch of statistics used b...

8.5AI score
Exploits0
Saint
Saint
•added 2011/12/05 12:0 a.m.•35 views

Cytel Studio CY3 File Processing Buffer Overflow

Added: 12/05/2011 BID: 49924 OSVDB: 75991 Background Cytel Inc. provides clinical trial design services and specialized statistical applications primarily for the biotech and pharmaceutical research markets. StatXact is a statistical software package based on the exact branch of statistics used b...

1.1AI score
Exploits0
Saint
Saint
•added 2011/12/05 12:0 a.m.•33 views

Cytel Studio CY3 File Processing Buffer Overflow

Added: 12/05/2011 BID: 49924 OSVDB: 75991 Background Cytel Inc. provides clinical trial design services and specialized statistical applications primarily for the biotech and pharmaceutical research markets. StatXact is a statistical software package based on the exact branch of statistics used b...

1.1AI score
Exploits0
Saint
Saint
•added 2011/12/05 12:0 a.m.•26 views

Cytel Studio CY3 File Processing Buffer Overflow

Added: 12/05/2011 BID: 49924 OSVDB: 75991 Background Cytel Inc. provides clinical trial design services and specialized statistical applications primarily for the biotech and pharmaceutical research markets. StatXact is a statistical software package based on the exact branch of statistics used b...

8.5AI score
Exploits0
Saint
Saint
•added 2011/12/02 12:0 a.m.•56 views

Oracle Java Rhino Script Engine Code Execution

Added: 12/02/2011 CVE: CVE-2011-3544 BID: 50218 OSVDB: 76500 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Java...

10CVSS10AI score0.96714EPSS
Exploits13
Saint
Saint
•added 2011/12/02 12:0 a.m.•93 views

Oracle Java Rhino Script Engine Code Execution

Added: 12/02/2011 CVE: CVE-2011-3544 BID: 50218 OSVDB: 76500 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Java...

10CVSS10AI score0.96714EPSS
Exploits13
Saint
Saint
•added 2011/12/02 12:0 a.m.•86 views

Oracle Java Rhino Script Engine Code Execution

Added: 12/02/2011 CVE: CVE-2011-3544 BID: 50218 OSVDB: 76500 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Java...

10CVSS10AI score0.96714EPSS
Exploits13
Saint
Saint
•added 2011/12/02 12:0 a.m.•53 views

Oracle Java Rhino Script Engine Code Execution

Added: 12/02/2011 CVE: CVE-2011-3544 BID: 50218 OSVDB: 76500 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Java...

10CVSS10AI score0.96714EPSS
Exploits13
Saint
Saint
•added 2011/12/01 12:0 a.m.•33 views

Symantec Alert Management System AMSSendAlertAck Buffer Overflow

Added: 12/01/2011 CVE: CVE-2010-0110 BID: 45936 OSVDB: 72623 Background The Symantec Alert Management System 2 AMS2 is used by multiple Symantec products. It includes an Intel Alert Handler service hndlrsvc.exe. This service handles messages forwarded to it by the Alert Originator Manager...

7.9CVSS7.5AI score0.0513EPSS
Exploits12
Total number of security vulnerabilities4305