Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2013/11/06 12:0 a.m.•2 views

VulnCheck KEV: CVE-2013-3906

Microsoft Graphics Component contains a memory corruption vulnerability which can allow for remote code execution...

9.3CVSS7.6AI score0.84971EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2013/10/26 12:0 a.m.•2 views

VulnCheck KEV: CVE-2011-4106

TimThumb timthumb.php before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache...

6.8CVSS7.6AI score0.23165EPSS
Exploits17References1
VulnCheck KEV
VulnCheck KEV
•added 2013/10/19 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-6026

The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an...

10CVSS5.8AI score0.0768EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2013/10/19 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-6129

The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldatapassword, htmldataconfirmpassword, and htmldataemail parameters, as exploited in the wild in October 2013...

7.5CVSS5.8AI score0.51887EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2013/10/09 12:0 a.m.•6 views

VulnCheck KEV: CVE-2013-3897

A use-after-free vulnerability exists within CDisplayPointer in Microsoft Internet Explorer that allows an attacker to remotely execute arbitrary code...

9.3CVSS7.5AI score0.77462EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2013/10/09 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-5576

administrator/components/commedia/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing...

6.8CVSS5.8AI score0.48191EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2013/09/25 12:0 a.m.•5 views

VulnCheck KEV: CVE-2012-1856

The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted 1 document or 2 web page that triggers system-state corruption...

9.3CVSS6.4AI score0.72119EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2013/09/21 12:0 a.m.•5 views

VulnCheck KEV: CVE-2013-3893

Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...

9.3CVSS7.7AI score0.8593EPSS
Exploits18References1
VulnCheck KEV
VulnCheck KEV
•added 2013/09/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2013-1690

Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service DoS or possibly execute malicious code via a crafted web site...

9.3CVSS7.3AI score0.69021EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2013/08/14 12:0 a.m.•7 views

VulnCheck KEV: CVE-2013-7372

The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNGSecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture JCA in Android before 4.4...

5CVSS5.8AI score0.0234EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2013/07/26 12:0 a.m.•6 views

VulnCheck KEV: CVE-2013-4854

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service assertion failure and named daemon exit via a query...

7.8CVSS6.9AI score0.3415EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2013/06/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-4878

The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than...

7.5CVSS6.2AI score0.31072EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2013/05/28 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-0156

activesupport/coreext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a...

7.5CVSS7.5AI score0.99449EPSS
Exploits21References1
VulnCheck KEV
VulnCheck KEV
•added 2013/05/20 12:0 a.m.•5 views

VulnCheck KEV: CVE-2013-2423

Unspecified vulnerability in hotspot for Java Runtime Environment JRE allows remote attackers to affect integrity...

4.3CVSS6.8AI score0.85333EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2013/05/17 12:0 a.m.•6 views

VulnCheck KEV: CVE-2012-0518

Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via Unknown vectors...

4.7CVSS5.8AI score0.04664EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2013/05/17 12:0 a.m.•3 views

VulnCheck KEV: CVE-2013-2094

Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting to out-of-bounds access of the perfsweventenabled array in swperfeventdestroy. Explotation allows for privilege escalation...

8.4CVSS7AI score0.47709EPSS
Exploits15References1
VulnCheck KEV
VulnCheck KEV
•added 2013/05/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-1389

Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9.0.1 before Update 10, 9.0.2 before Update 5, and 10 before Update 10 allows remote attackers to execute arbitrary code via unknown vectors...

10CVSS6.2AI score0.0613EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2013/05/14 12:0 a.m.•6 views

VulnCheck KEV: CVE-2013-3336

Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors...

5CVSS5.9AI score0.74265EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2013/05/05 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-1347

This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer...

9.3CVSS7.6AI score0.77889EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2013/04/09 12:0 a.m.•3 views

VulnCheck KEV: CVE-2013-1289

Cross-site scripting XSS vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."...

4.3CVSS5.9AI score0.15432EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2013/04/05 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-11654

Information disclosure in Netwave IP camera at getstatus.cgi via HTTP on port 8000 allows an unauthenticated attacker to exfiltrate sensitive information from the device...

7.5CVSS7.1AI score0.01958EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2013/04/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2012-3174

Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the...

10CVSS7.5AI score0.97612EPSS
Exploits38References1
VulnCheck KEV
VulnCheck KEV
•added 2013/03/21 12:0 a.m.•3 views

VulnCheck KEV: CVE-2007-0671

Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This malicious file could be delivered as an email attachment or hosted on a malicious website. An attacker could leverage this vulnerability by creating a...

9.3CVSS6.6AI score0.42139EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2013/03/21 12:0 a.m.•4 views

VulnCheck KEV: CVE-2009-3957

Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service NULL pointer dereference via unspecified vectors...

5CVSS5.8AI score0.04754EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2013/03/14 12:0 a.m.•3 views

VulnCheck KEV: CVE-2013-0431

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle allows remote attackers to bypass the Java security sandbox...

5.3CVSS6.8AI score0.89987EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2013/03/14 12:0 a.m.•2 views

VulnCheck KEV: CVE-2009-0563

Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field...

9.3CVSS6.5AI score0.63081EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2013/03/14 12:0 a.m.•5 views

VulnCheck KEV: CVE-2013-0158

Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown...

2.6CVSS5.8AI score0.02455EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2013/03/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2012-1723

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to Hotspot...

10CVSS7.3AI score0.93688EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2013/03/07 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-16959

The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP...

6.5CVSS6.8AI score0.0191EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2013/03/04 12:0 a.m.•2 views

VulnCheck KEV: CVE-2013-1493

The color management CMM functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service crash via an image with crafted raster parameters,...

10CVSS7.7AI score0.85882EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2013/02/27 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-0648

Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content...

9.3CVSS6.2AI score0.11094EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2013/02/27 12:0 a.m.•6 views

VulnCheck KEV: CVE-2013-0643

Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content...

9.3CVSS6.2AI score0.10533EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2013/02/26 12:0 a.m.•2 views

VulnCheck KEV: CVE-2013-0707

Unspecified vulnerability in JustSystems Ichitaro 2006 and 2007, Ichitaro Government 2006 and 2007, Ichitaro Portable with oreplug, Hanako 2006 through 2013, Hanako Police, Hanako Police 3, and Hanako Police 2010 allows remote attackers to execute arbitrary code via a crafted file...

9.3CVSS6.2AI score0.03815EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2013/02/21 12:0 a.m.•4 views

VulnCheck KEV: CVE-2012-5671

Heap-based buffer overflow in the dkimeximquerydnstxt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and aclsmtpconnect and aclsmtprcpt are not set to "warn control = dkimdisableverify," allows remote attackers to execute arbitrary code via an email from a...

6.8CVSS7.6AI score0.08382EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2013/02/18 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-23562

This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file...

8.8CVSS7.3AI score0.00993EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2013/02/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2013-0641

A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution...

9.3CVSS6.5AI score0.32449EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2013/02/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2013-0640

An memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution...

9.3CVSS6.3AI score0.86979EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2013/02/12 12:0 a.m.•3 views

VulnCheck KEV: CVE-2012-4167

Integer overflow in Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR...

10CVSS5.8AI score0.09233EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2013/02/12 12:0 a.m.•5 views

VulnCheck KEV: CVE-2012-5054

Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments...

9.3CVSS6AI score0.21194EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2013/02/12 12:0 a.m.•1 views

VulnCheck KEV: CVE-2012-1682

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has...

10CVSS7.3AI score0.05402EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2013/02/08 12:0 a.m.•3 views

VulnCheck KEV: CVE-2013-0633

Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary...

9.3CVSS6AI score0.20881EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2013/02/08 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-0634

Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a...

9.3CVSS6.2AI score0.77597EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2013/01/17 12:0 a.m.•3 views

VulnCheck KEV: CVE-2013-0632

An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access...

10CVSS7.4AI score0.93691EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2013/01/10 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-0422

A vulnerability in the way Java restricts the permissions of Java applets could allow an attacker to execute commands on a vulnerable system...

10CVSS7.5AI score0.97612EPSS
Exploits38References1
VulnCheck KEV
VulnCheck KEV
•added 2013/01/09 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-0631

Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server...

7.5CVSS7.5AI score0.65867EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2013/01/09 12:0 a.m.•5 views

VulnCheck KEV: CVE-2013-0625

Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access...

9.8CVSS7.4AI score0.93797EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2013/01/09 12:0 a.m.•3 views

VulnCheck KEV: CVE-2013-0629

Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories...

7.5CVSS7.4AI score0.65902EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2013/01/08 12:0 a.m.•4 views

VulnCheck KEV: CVE-2012-6498

Unrestricted file upload vulnerability in index.php in Atomymaxsite 2.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file, as exploited in the wild in October 2012...

6.8CVSS6.2AI score0.02025EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2013/01/02 12:0 a.m.•3 views

VulnCheck KEV: CVE-2012-6467

Opera before 12.10 follows Internet shortcuts that are referenced by a 1 IMG element or 2 other inline element, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site, as exploited in the wild in November 2012...

4.3CVSS5.8AI score0.0146EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2012/12/29 12:0 a.m.•6 views

VulnCheck KEV: CVE-2012-4792

Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that 1 was not properly allocated or 2 is deleted, as demonstrated by a CDwnBindInfo object...

9.3CVSS7.8AI score0.78823EPSS
Exploits12References1
Total number of security vulnerabilities4985