Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2012/11/16 12:0 a.m.•4 views

VulnCheck KEV: CVE-2011-0559

Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service memory corruption via crafted parameters to an unspecified ActionScript method that cause a parameter to be used as an object pointer, a different vulnerability than CVE-2011-0560,...

9.3CVSS6.2AI score0.06287EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2012/11/12 12:0 a.m.•6 views

VulnCheck KEV: CVE-2012-5076

The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...

10CVSS7.4AI score0.91013EPSS
Exploits18References1
VulnCheck KEV
VulnCheck KEV
•added 2012/10/18 12:0 a.m.•4 views

VulnCheck KEV: CVE-2009-1134

Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir 0x806 record object, aka...

9.3CVSS6.2AI score0.35698EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2012/10/18 12:0 a.m.•2 views

VulnCheck KEV: CVE-2009-2501

Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold...

9.3CVSS7.5AI score0.26824EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2012/10/18 12:0 a.m.•2 views

VulnCheck KEV: CVE-2009-3126

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3,...

9.3CVSS7.3AI score0.23461EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2012/10/18 12:0 a.m.•4 views

VulnCheck KEV: CVE-2010-2862

Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile maxp table...

9.3CVSS6.2AI score0.16305EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2012/10/18 12:0 a.m.•4 views

VulnCheck KEV: CVE-2009-0561

Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; Microsoft...

9.3CVSS5.8AI score0.36897EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2012/10/18 12:0 a.m.•3 views

VulnCheck KEV: CVE-2009-0084

Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression...

9.3CVSS6.2AI score0.31808EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2012/10/18 12:0 a.m.•4 views

VulnCheck KEV: CVE-2010-1241

Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted PDF document, aka FG-VD-10-005...

9.3CVSS6.5AI score0.09208EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2012/10/18 12:0 a.m.•5 views

VulnCheck KEV: CVE-2011-0618

Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors...

9.3CVSS6.2AI score0.04937EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2012/10/18 12:0 a.m.•5 views

VulnCheck KEV: CVE-2010-0028

Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG .JPG file, aka "MS Paint Integer Overflow Vulnerability."...

9.3CVSS6.2AI score0.48452EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2012/10/18 12:0 a.m.•4 views

VulnCheck KEV: CVE-2010-0480

Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder...

9.3CVSS6.5AI score0.67888EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
•added 2012/10/18 12:0 a.m.•2 views

VulnCheck KEV: CVE-2008-2249

Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow...

9.3CVSS6.5AI score0.31122EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2012/10/09 12:0 a.m.•6 views

VulnCheck KEV: CVE-2011-0227

The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application...

7.2CVSS5.8AI score0.00315EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2012/09/22 12:0 a.m.•3 views

VulnCheck KEV: CVE-2012-6081

Multiple unrestricted file upload vulnerabilities in the 1 twikidraw action/twikidraw.py and 2 anywikidraw action/anywikidraw.py actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable...

6CVSS6.4AI score0.30566EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2012/09/18 12:0 a.m.•3 views

VulnCheck KEV: CVE-2012-4969

Microsoft Internet Explorer contains a use-after-free vulnerability that allows remote attackers to execute code via a crafted web site...

9.3CVSS7.6AI score0.81716EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2012/09/01 12:0 a.m.•5 views

VulnCheck KEV: CVE-2012-1889

Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution...

9.3CVSS7.7AI score0.83638EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
•added 2012/09/01 12:0 a.m.•8 views

VulnCheck KEV: CVE-2012-1875

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability."...

9.3CVSS6.5AI score0.61655EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2012/08/31 12:0 a.m.•4 views

VulnCheck KEV: CVE-2011-5148

Multiple incomplete blacklist vulnerabilities in the Simple File Upload modsimplefileuploadv1.3 module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a 1 php5, 2 php6, or 3 double e.g. .php.jpg extension, then accessing it via a...

6.8CVSS6.2AI score0.04879EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2012/08/28 12:0 a.m.•4 views

VulnCheck KEV: CVE-2012-4681

The Java Runtime Environment JRE component in Oracle Java SE allow for remote code execution...

10CVSS7.7AI score0.98536EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2012/08/15 12:0 a.m.•6 views

VulnCheck KEV: CVE-2012-1535

Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content...

9.3CVSS7.6AI score0.70384EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2012/07/10 12:0 a.m.•6 views

VulnCheck KEV: CVE-2012-1854

Microsoft Visual Basic for Applications VBA contains an insecure library loading vulnerability that could allow for remote code execution...

7.8CVSS6.2AI score0.21028EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2012/07/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2012-3372

The default configuration of Cyberoam UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the CyberoamSSLCA...

7.4CVSS6AI score0.00938EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2012/07/02 12:0 a.m.•7 views

VulnCheck KEV: CVE-2012-0507

An incorrect type vulnerability exists in the Concurrency component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code...

10CVSS7.6AI score0.98113EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
•added 2012/06/19 12:0 a.m.•4 views

VulnCheck KEV: CVE-2012-1823

sapi/cgi/cgimain.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code...

9.8CVSS7.7AI score0.99998EPSS
Exploits42References1
VulnCheck KEV
VulnCheck KEV
•added 2012/06/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2012-2688

Unspecified vulnerability in the phpstreamscandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."...

10CVSS7.3AI score0.10467EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2012/06/07 12:0 a.m.•4 views

VulnCheck KEV: CVE-2012-10064

Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions,...

9.3CVSS5.9AI score0.00677EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2012/05/21 12:0 a.m.•4 views

VulnCheck KEV: CVE-2012-2376

Buffer overflow in the comprinttypeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012...

10CVSS6.2AI score0.20054EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2012/05/09 12:0 a.m.•2 views

VulnCheck KEV: CVE-2012-2311

sapi/cgi/cgimain.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script aka php-cgi, does not properly handle query strings that contain a %3D sequence but no = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line...

7.5CVSS7.7AI score0.68846EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2012/05/04 12:0 a.m.•2 views

VulnCheck KEV: CVE-2012-0779

Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion...

9.3CVSS6.4AI score0.85698EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2012/04/12 12:0 a.m.•2 views

VulnCheck KEV: CVE-2009-4834

lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute arbitrary PHP code via a crafted parameter name, possibly related to nowconnect.php...

6.8CVSS6.1AI score0.04024EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2012/03/20 12:0 a.m.•6 views

VulnCheck KEV: CVE-2012-1795

webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter, as exploited in the wild in March 2012...

7.5CVSS6.1AI score0.04215EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2012/03/12 12:0 a.m.•2 views

VulnCheck KEV: CVE-2011-10033

The WordPress plugin is-human = v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval on user-controlled input, which can lead to execution...

9.3CVSS5.8AI score0.00436EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2012/03/12 12:0 a.m.•4 views

VulnCheck KEV: CVE-2012-1557

SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU2, 9.x before 9.5 MU11, 10.0.x before MU13, 10.1.x before MU22, 10.2.x before MU16, and 10.3.x before MU5 allows remote attackers to execute arbitrary SQL commands via unspecified...

7.5CVSS6.2AI score0.06109EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2012/03/05 12:0 a.m.•2 views

VulnCheck KEV: CVE-2012-0754

Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service DoS...

9.3CVSS7.4AI score0.9203EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2012/02/16 12:0 a.m.•4 views

VulnCheck KEV: CVE-2012-0767

Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML...

6.1CVSS5.8AI score0.06662EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2012/02/10 12:0 a.m.•5 views

VulnCheck KEV: CVE-2011-2140

Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service memory corruption via...

10CVSS6.2AI score0.82258EPSS
Exploits15References1
VulnCheck KEV
VulnCheck KEV
•added 2012/02/02 12:0 a.m.•3 views

VulnCheck KEV: CVE-2012-1071

SQL injection vulnerability in the Kitchen recipe mvcooking extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild as of February 2012...

7.5CVSS6.2AI score0.01337EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2012/01/27 12:0 a.m.•7 views

VulnCheck KEV: CVE-2012-0056

The memwrite function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc//mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper...

6.9CVSS7.3AI score0.10904EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2012/01/26 12:0 a.m.•3 views

VulnCheck KEV: CVE-2012-0003

Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player WMP in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution...

9.3CVSS7.7AI score0.69499EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
•added 2012/01/17 12:0 a.m.•4 views

VulnCheck KEV: CVE-2011-3414

The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably,...

7.8CVSS5.8AI score0.58895EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2012/01/17 12:0 a.m.•4 views

VulnCheck KEV: CVE-2011-2505

libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted...

6.4CVSS6.2AI score0.12879EPSS
Exploits15References1
VulnCheck KEV
VulnCheck KEV
•added 2012/01/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2011-3544

An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code...

10CVSS7.6AI score0.96714EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
•added 2012/01/14 12:0 a.m.•5 views

VulnCheck KEV: CVE-2010-0842

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

7.5CVSS7.3AI score0.77721EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2012/01/01 12:0 a.m.•5 views

VulnCheck KEV: CVE-2009-3129

Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset...

9.3CVSS6.4AI score0.85731EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2012/01/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2010-3333

A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution...

9.3CVSS7.8AI score0.89497EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
•added 2012/01/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2011-1269

Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 make unspecified function calls during file parsing without proper handling of memory,...

9.3CVSS5.8AI score0.14883EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2012/01/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2012-0158

Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the context of the current user...

9.3CVSS7.2AI score0.99966EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
•added 2011/12/23 12:0 a.m.•5 views

VulnCheck KEV: CVE-2011-4862

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications aka krb5-appl 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key,...

10CVSS6.6AI score0.95104EPSS
Exploits19References1
VulnCheck KEV
VulnCheck KEV
•added 2011/12/16 12:0 a.m.•4 views

VulnCheck KEV: CVE-2011-4369

Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote...

10CVSS5.8AI score0.07615EPSS
Exploits1References1
Total number of security vulnerabilities4985