Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2006/07/11 12:0 a.m.•3 views

VulnCheck KEV: CVE-2006-3059

Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086...

9.3CVSS6.2AI score0.56461EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2006/07/11 12:0 a.m.•5 views

VulnCheck KEV: CVE-2006-1540

MSO.DLL in Microsoft Office 2000, Office XP 2002, and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by...

9.3CVSS6.1AI score0.43664EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2006/06/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2006-2492

Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code...

8.8CVSS5.9AI score0.48387EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2006/04/11 12:0 a.m.•7 views

VulnCheck KEV: CVE-2006-1359

Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer...

9.3CVSS6.2AI score0.68068EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2006/03/14 12:0 a.m.•11 views

VulnCheck KEV: CVE-2006-0009

Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJMDROPPER.BH and Trojan.PPDropper.E in...

5.1CVSS6.2AI score0.14205EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2005/12/28 12:0 a.m.•3 views

VulnCheck KEV: CVE-2005-4560

The Windows Graphical Device Interface library GDI32.DLL in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile WMF format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer SHIMGVW.DLL, a...

7.5CVSS6.2AI score0.86476EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
•added 2005/12/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2005-1790

Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service crash and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects...

2.6CVSS6.1AI score0.83472EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2005/11/22 12:0 a.m.•10 views

VulnCheck KEV: CVE-2005-3738

globals.php in Mambo Site Server 4.0.14 and earlier, when registerglobals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfigabsolutepath parameter to content.html.php for remote PHP file inclusion...

2.6CVSS5.8AI score0.03565EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2005/10/11 12:0 a.m.•4 views

VulnCheck KEV: CVE-2005-2127

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally...

7.5CVSS6.2AI score0.63665EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2005/08/25 12:0 a.m.•3 views

VulnCheck KEV: CVE-2001-0154

HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly...

7.5CVSS5.9AI score0.11207EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2005/08/25 12:0 a.m.•3 views

VulnCheck KEV: CVE-2000-0884

IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability...

7.5CVSS6AI score0.72073EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2005/08/09 12:0 a.m.•7 views

VulnCheck KEV: CVE-2005-1983

Stack-based buffer overflow in the Plug and Play PnP service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob aka Mytob worm...

10CVSS6.5AI score0.93405EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2005/07/12 12:0 a.m.•4 views

VulnCheck KEV: CVE-2005-1219

Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags...

7.5CVSS6.2AI score0.49922EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2005/07/12 12:0 a.m.•3 views

VulnCheck KEV: CVE-2005-2087

Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects...

5CVSS6.1AI score0.61372EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2005/06/24 12:0 a.m.•3 views

VulnCheck KEV: CVE-2005-0773

Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for Netware allows remote attackers to execute arbitrary code via a CONNECTCLIENTAUTH request with authentication method type 3 Windows credentials and a long password...

7.5CVSS6.5AI score0.86365EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2005/02/08 12:0 a.m.•4 views

VulnCheck KEV: CVE-2005-0053

Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."...

7.5CVSS6.2AI score0.6349EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2005/02/08 12:0 a.m.•4 views

VulnCheck KEV: CVE-2004-0847

The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a 1 "" backslash or 2 "%5C" encoded backslash, aka "Path Validation Vulnerability."...

9.8CVSS7.3AI score0.75702EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2005/02/08 12:0 a.m.•1 views

VulnCheck KEV: CVE-2004-1319

The DHTML Edit Control dhtmled.ocx allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as...

5CVSS6AI score0.26162EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2005/01/11 12:0 a.m.•4 views

VulnCheck KEV: CVE-2004-1043

Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control hhctrl.ocx to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as...

5CVSS6.2AI score0.44984EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2004/12/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2004-1050

Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long 1 SRC or 2 NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."...

10CVSS6.4AI score0.67061EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2004/11/09 12:0 a.m.•3 views

VulnCheck KEV: CVE-2004-0839

Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup...

5CVSS5.9AI score0.33081EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2004/11/09 12:0 a.m.•5 views

VulnCheck KEV: CVE-2004-0841

Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."...

5CVSS5.9AI score0.48733EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2004/11/09 12:0 a.m.•5 views

VulnCheck KEV: CVE-2004-0727

Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as...

7.5CVSS6.2AI score0.39782EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2004/08/25 12:0 a.m.•3 views

VulnCheck KEV: CVE-2004-0820

Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file...

4.6CVSS6.1AI score0.0254EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2004/07/30 12:0 a.m.•3 views

VulnCheck KEV: CVE-2004-0549

The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine MSHTML, as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as...

10CVSS6.2AI score0.61057EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2004/07/30 12:0 a.m.•5 views

VulnCheck KEV: CVE-2004-0566

Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value...

7.5CVSS6.2AI score0.38477EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2004/07/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2003-1041

Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." dot dot sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug...

7.5CVSS6.1AI score0.5261EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2004/05/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2003-0533

Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service LSASS in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute...

7.5CVSS6AI score0.8615EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2003/12/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2003-0961

Integer overflow in the dobrk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges...

7.2CVSS5.8AI score0.03322EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2003/08/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2003-0605

The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service crash, and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the RemoteGetClassObject interface that cause a NULL pointer to be passed...

7.5CVSS5.8AI score0.60799EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2003/08/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2002-0649

Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 MSDE allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which 1 a 0x04 byte that causes the SQL Monitor thread to...

7.5CVSS6.4AI score0.8475EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2002/10/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2002-1235

The kadmserin function in 1 the Kerberos v4compatibility administration daemon kadmind4 in the MIT Kerberos 5 krb5 krb5-1.2.6 and earlier, 2 kadmind in KTH Kerberos 4 eBones before 1.2.1, and 3 kadmind in KTH Kerberos 5 Heimdal before 0.5.1 when compiled with Kerberos 4 support,...

10CVSS5.8AI score0.15105EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2002/03/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2002-0367

smss.exe debugging subsystem in Microsoft Windows does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges...

7.8CVSS7.4AI score0.05188EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2001/07/19 12:0 a.m.•4 views

VulnCheck KEV: CVE-2001-0500

Buffer overflow in ISAPI extension idq.dll in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration .ida and Internet Data Query .idq files such as default.ida, as...

10CVSS6.2AI score0.96731EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2000/01/11 12:0 a.m.•4 views

VulnCheck KEV: CVE-2000-0071

IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions...

5CVSS5.8AI score0.28058EPSS
Exploits0References1
Total number of security vulnerabilities4985