Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2011/12/07 12:0 a.m.•4 views

VulnCheck KEV: CVE-2011-2462

The Universal 3D U3D component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service DoS...

10CVSS7.6AI score0.86238EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2011/11/04 12:0 a.m.•4 views

VulnCheck KEV: CVE-2011-3402

Microsoft Windows Kernel contains an unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers that allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page...

9.3CVSS6.4AI score0.78285EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2011/11/02 12:0 a.m.•5 views

VulnCheck KEV: CVE-2011-4075

The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter aka sortby variable in a queryengine action to cmd.php, as exploited in the wild in October 2011...

7.5CVSS6.1AI score0.51891EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2011/10/26 12:0 a.m.•3 views

VulnCheck KEV: CVE-2010-3332

Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services IIS, provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State aka...

6.4CVSS5.8AI score0.67481EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2011/10/18 12:0 a.m.•5 views

VulnCheck KEV: CVE-2014-7235

htdocsari/includes/login.php in the ARI Framework module/Asterisk Recording Interface ARI in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ariauth cookie, related to the PHP unserialize function, as exploited in the wild...

10CVSS6.4AI score0.4299EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2011/09/22 12:0 a.m.•5 views

VulnCheck KEV: CVE-2011-2444

Cross-site scripting XSS vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as...

4.3CVSS5.9AI score0.02701EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2011/09/01 12:0 a.m.•6 views

VulnCheck KEV: CVE-2007-4748

Buffer overflow in the PowerPlayer.dll ActiveX control in PPStream 2.0.1.3829 allows remote attackers to execute arbitrary code via a long Logo parameter...

6.8CVSS6.2AI score0.07213EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2011/09/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2007-4105

A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 allows remote attackers to execute arbitrary code via a request containing "a link to download and a file to execute," possibly involving remote file inclusion...

9.3CVSS6.2AI score0.07325EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2011/09/01 12:0 a.m.•6 views

VulnCheck KEV: CVE-2007-4816

Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps.dll allow remote attackers to have an unknown impact via a long 1 URL, 2 backImage, or 3 titleImage property value; 4 a long first argument to the advancedOpen method; a long argument to the 5 isDVDPath or 6...

7.5CVSS6AI score0.09079EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2011/09/01 12:0 a.m.•1 views

VulnCheck KEV: CVE-2007-6144

Heap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control in pplayer.dll1work in Xunlei Thunder 5.7.4.401 allows remote attackers to execute arbitrary code via a long string in a FlvPlayerUrl property value. NOTE: some of these details are obtained from third party information...

6CVSS6.5AI score0.0332EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2011/08/24 12:0 a.m.•5 views

VulnCheck KEV: CVE-2011-3192

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service memory and CPU consumption via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a...

7.8CVSS7.2AI score0.98945EPSS
Exploits17References1
VulnCheck KEV
VulnCheck KEV
•added 2011/08/09 12:0 a.m.•4 views

VulnCheck KEV: CVE-2011-1968

The Remote Desktop Protocol RDP implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service reboot by sending crafted RDP packets triggering access to an object that...

7.1CVSS5.9AI score0.25708EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2011/08/05 12:0 a.m.•4 views

VulnCheck KEV: CVE-2011-2900

Stack-based buffer overflow in the 1 putdir function in mongoose.c in Mongoose 3.0, 2 putdir function in yasslEWS.c in yaSSL Embedded Web Server yasslEWS 0.2, and 3 shttpdputdir function in iodir.c in Simple HTTPD shttpd 1.42 allows remote attackers to execute arbitrary code via...

7.5CVSS6.4AI score0.13256EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2011/07/30 12:0 a.m.•5 views

VulnCheck KEV: CVE-2010-1871

JBoss Seam 2 jboss-seam2, as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured...

8.8CVSS7.5AI score0.83397EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2011/07/29 12:0 a.m.•3 views

VulnCheck KEV: CVE-2009-1151

Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...

9.8CVSS7.5AI score0.95438EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
•added 2011/07/26 12:0 a.m.•4 views

VulnCheck KEV: CVE-2010-0840

Unspecified vulnerability in the Java Runtime Environment JRE in Java SE component allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors...

9.8CVSS7.5AI score0.96319EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2011/07/26 12:0 a.m.•5 views

VulnCheck KEV: CVE-2010-1885

The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist fromHCP option and execute arbitrary commands...

9.3CVSS7.7AI score0.75458EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2011/07/19 12:0 a.m.•2 views

VulnCheck KEV: CVE-2011-0226

Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a...

9.3CVSS6.2AI score0.06646EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2011/07/18 12:0 a.m.•7 views

VulnCheck KEV: CVE-2011-1331

JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, Ichitaro Government 2006 through 2010, Ichitaro Portable, Ichitaro Pro, and Ichitaro Viewer allow remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via a crafted document, as exploited in...

9.3CVSS6.2AI score0.05564EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2011/06/30 12:0 a.m.•4 views

VulnCheck KEV: CVE-2011-1249

The Ancillary Function Driver AFD in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges...

7.2CVSS5.8AI score0.08488EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2011/06/20 12:0 a.m.•3 views

VulnCheck KEV: CVE-2010-4452

Unspecified vulnerability in the Deployment component in Java Runtime Environment JRE in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown...

10CVSS5.8AI score0.8316EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2011/06/16 12:0 a.m.•5 views

VulnCheck KEV: CVE-2011-2110

Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors, as exploited in the wild in June 2011...

10CVSS6.2AI score0.86421EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2011/06/08 12:0 a.m.•7 views

VulnCheck KEV: CVE-2009-5076

CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, allows remote attackers to bypass authentication and gain administrator privileges via a request with 1 login.php or 2 passwordforgotten.php appended as the PATHINFO, which bypasses a check that uses PHPSELF, which is...

7.5CVSS5.8AI score0.01409EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2011/06/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2011-2107

Cross-site scripting XSS vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "universal cross-site...

4.3CVSS6AI score0.03553EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2011/06/06 12:0 a.m.•6 views

VulnCheck KEV: CVE-2011-1950

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011...

5.5CVSS5.9AI score0.01579EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2011/06/06 12:0 a.m.•5 views

VulnCheck KEV: CVE-2011-1752

The moddavsvn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a request for a baselined WebDAV resource, as exploited in the wild in May 2011...

5CVSS7.3AI score0.08483EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2011/05/16 12:0 a.m.•5 views

VulnCheck KEV: CVE-2011-0094

Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code by accessing an object that 1 was not properly initialized or 2 is deleted, aka "Layouts Handling Memory Corruption Vulnerability."...

9.3CVSS6.2AI score0.21905EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2011/05/16 12:0 a.m.•6 views

VulnCheck KEV: CVE-2011-1345

Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that 1 was not properly initialized or 2 is deleted, as demonstrated by Stephen Fewer as the first of three chained...

9.3CVSS6.2AI score0.40875EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2011/05/12 12:0 a.m.•4 views

VulnCheck KEV: CVE-2011-0627

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted Flash content, as possibly exploited in the wild in May 2011 by a...

9.3CVSS6.4AI score0.05066EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2011/04/21 12:0 a.m.•4 views

VulnCheck KEV: CVE-2008-1898

A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service browser crash via an invalid WksPictureInterface property value, which triggers an...

9.3CVSS6.2AI score0.52033EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2011/04/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2011-0611

Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service application crash via crafted Flash content...

9.3CVSS7.8AI score0.9941EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
•added 2011/04/12 12:0 a.m.•4 views

VulnCheck KEV: CVE-2011-0096

The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote...

6.1CVSS5.8AI score0.46819EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2011/04/07 12:0 a.m.•4 views

VulnCheck KEV: CVE-2011-1722

Multiple SQL injection vulnerabilities in WEC Discussion Forum wecdiscussion extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in April 2011...

7.5CVSS6.2AI score0.01299EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2011/03/15 12:0 a.m.•2 views

VulnCheck KEV: CVE-2011-0609

Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service DoS...

9.3CVSS7.4AI score0.66821EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2011/03/08 12:0 a.m.•3 views

VulnCheck KEV: CVE-2010-3971

Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets CSS parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service application...

9.3CVSS7.8AI score0.81663EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2011/02/21 12:0 a.m.•4 views

VulnCheck KEV: CVE-2011-10041

Uploadify WordPress plugin versions up to and including 1.0 contain an arbitrary file upload vulnerability in processupload.php due to missing file type validation. An unauthenticated remote attacker can upload arbitrary files to the affected WordPress site, which may allow remote code execution...

9.3CVSS6.1AI score0.008EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2011/02/18 12:0 a.m.•5 views

VulnCheck KEV: CVE-2011-1035

The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors...

7.5CVSS5.9AI score0.04019EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2010/12/10 12:0 a.m.•4 views

VulnCheck KEV: CVE-2010-4344

Heap-based buffer overflow in the stringvformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session...

9.8CVSS7.9AI score0.71794EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2010/12/10 12:0 a.m.•4 views

VulnCheck KEV: CVE-2010-4345

Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands...

7.8CVSS7.4AI score0.17794EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2010/11/16 12:0 a.m.•4 views

VulnCheck KEV: CVE-2010-4270

Directory traversal vulnerability in the nBill comnetinvoice component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.210 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to 1...

5CVSS5.9AI score0.0163EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2010/11/05 12:0 a.m.•4 views

VulnCheck KEV: CVE-2010-3962

Microsoft Internet Explorer contains an uninitialized memory corruption vulnerability that could allow for remote code execution. The impacted product could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...

9.3CVSS6.2AI score0.96889EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
•added 2010/11/05 12:0 a.m.•4 views

VulnCheck KEV: CVE-2010-3916

Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3915...

9.3CVSS6.2AI score0.06065EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2010/11/05 12:0 a.m.•4 views

VulnCheck KEV: CVE-2010-3915

Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3916...

9.3CVSS6.2AI score0.06065EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2010/10/29 12:0 a.m.•4 views

VulnCheck KEV: CVE-2010-3654

Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll aka AuthPlayLib.bundle or libauthplay.so.0.0.0 in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or...

9.3CVSS6.2AI score0.69679EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
•added 2010/10/27 12:0 a.m.•8 views

VulnCheck KEV: CVE-2010-3765

Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. This allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation...

9.8CVSS7.7AI score0.83279EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
•added 2010/10/21 12:0 a.m.•3 views

VulnCheck KEV: CVE-2010-3653

The Director module dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited...

9.3CVSS6.2AI score0.74626EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2010/10/12 12:0 a.m.•5 views

VulnCheck KEV: CVE-2010-0094

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March...

7.5CVSS5.8AI score0.81593EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2010/10/08 12:0 a.m.•36 views

VulnCheck KEV: CVE-2010-3889

Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers...

7.2CVSS5.8AI score0.01606EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2010/10/08 12:0 a.m.•3 views

VulnCheck KEV: CVE-2010-3888

Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers...

7.2CVSS5.8AI score0.03929EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2010/10/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2010-2568

Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could execute code as the logged-on user...

9.3CVSS7.2AI score0.91324EPSS
Exploits13References1
Total number of security vulnerabilities4985