4985 matches found
VulnCheck KEV: CVE-2011-2462
The Universal 3D U3D component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service DoS...
VulnCheck KEV: CVE-2011-3402
Microsoft Windows Kernel contains an unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers that allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page...
VulnCheck KEV: CVE-2011-4075
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter aka sortby variable in a queryengine action to cmd.php, as exploited in the wild in October 2011...
VulnCheck KEV: CVE-2010-3332
Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services IIS, provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State aka...
VulnCheck KEV: CVE-2014-7235
htdocsari/includes/login.php in the ARI Framework module/Asterisk Recording Interface ARI in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ariauth cookie, related to the PHP unserialize function, as exploited in the wild...
VulnCheck KEV: CVE-2011-2444
Cross-site scripting XSS vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as...
VulnCheck KEV: CVE-2007-4748
Buffer overflow in the PowerPlayer.dll ActiveX control in PPStream 2.0.1.3829 allows remote attackers to execute arbitrary code via a long Logo parameter...
VulnCheck KEV: CVE-2007-4105
A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 allows remote attackers to execute arbitrary code via a request containing "a link to download and a file to execute," possibly involving remote file inclusion...
VulnCheck KEV: CVE-2007-4816
Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps.dll allow remote attackers to have an unknown impact via a long 1 URL, 2 backImage, or 3 titleImage property value; 4 a long first argument to the advancedOpen method; a long argument to the 5 isDVDPath or 6...
VulnCheck KEV: CVE-2007-6144
Heap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control in pplayer.dll1work in Xunlei Thunder 5.7.4.401 allows remote attackers to execute arbitrary code via a long string in a FlvPlayerUrl property value. NOTE: some of these details are obtained from third party information...
VulnCheck KEV: CVE-2011-3192
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service memory and CPU consumption via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a...
VulnCheck KEV: CVE-2011-1968
The Remote Desktop Protocol RDP implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service reboot by sending crafted RDP packets triggering access to an object that...
VulnCheck KEV: CVE-2011-2900
Stack-based buffer overflow in the 1 putdir function in mongoose.c in Mongoose 3.0, 2 putdir function in yasslEWS.c in yaSSL Embedded Web Server yasslEWS 0.2, and 3 shttpdputdir function in iodir.c in Simple HTTPD shttpd 1.42 allows remote attackers to execute arbitrary code via...
VulnCheck KEV: CVE-2010-1871
JBoss Seam 2 jboss-seam2, as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured...
VulnCheck KEV: CVE-2009-1151
Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...
VulnCheck KEV: CVE-2010-0840
Unspecified vulnerability in the Java Runtime Environment JRE in Java SE component allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors...
VulnCheck KEV: CVE-2010-1885
The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist fromHCP option and execute arbitrary commands...
VulnCheck KEV: CVE-2011-0226
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a...
VulnCheck KEV: CVE-2011-1331
JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, Ichitaro Government 2006 through 2010, Ichitaro Portable, Ichitaro Pro, and Ichitaro Viewer allow remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via a crafted document, as exploited in...
VulnCheck KEV: CVE-2011-1249
The Ancillary Function Driver AFD in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges...
VulnCheck KEV: CVE-2010-4452
Unspecified vulnerability in the Deployment component in Java Runtime Environment JRE in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown...
VulnCheck KEV: CVE-2011-2110
Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors, as exploited in the wild in June 2011...
VulnCheck KEV: CVE-2009-5076
CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, allows remote attackers to bypass authentication and gain administrator privileges via a request with 1 login.php or 2 passwordforgotten.php appended as the PATHINFO, which bypasses a check that uses PHPSELF, which is...
VulnCheck KEV: CVE-2011-2107
Cross-site scripting XSS vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "universal cross-site...
VulnCheck KEV: CVE-2011-1950
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011...
VulnCheck KEV: CVE-2011-1752
The moddavsvn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a request for a baselined WebDAV resource, as exploited in the wild in May 2011...
VulnCheck KEV: CVE-2011-0094
Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code by accessing an object that 1 was not properly initialized or 2 is deleted, aka "Layouts Handling Memory Corruption Vulnerability."...
VulnCheck KEV: CVE-2011-1345
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that 1 was not properly initialized or 2 is deleted, as demonstrated by Stephen Fewer as the first of three chained...
VulnCheck KEV: CVE-2011-0627
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted Flash content, as possibly exploited in the wild in May 2011 by a...
VulnCheck KEV: CVE-2008-1898
A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service browser crash via an invalid WksPictureInterface property value, which triggers an...
VulnCheck KEV: CVE-2011-0611
Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service application crash via crafted Flash content...
VulnCheck KEV: CVE-2011-0096
The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote...
VulnCheck KEV: CVE-2011-1722
Multiple SQL injection vulnerabilities in WEC Discussion Forum wecdiscussion extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in April 2011...
VulnCheck KEV: CVE-2011-0609
Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service DoS...
VulnCheck KEV: CVE-2010-3971
Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets CSS parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service application...
VulnCheck KEV: CVE-2011-10041
Uploadify WordPress plugin versions up to and including 1.0 contain an arbitrary file upload vulnerability in processupload.php due to missing file type validation. An unauthenticated remote attacker can upload arbitrary files to the affected WordPress site, which may allow remote code execution...
VulnCheck KEV: CVE-2011-1035
The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors...
VulnCheck KEV: CVE-2010-4344
Heap-based buffer overflow in the stringvformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session...
VulnCheck KEV: CVE-2010-4345
Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands...
VulnCheck KEV: CVE-2010-4270
Directory traversal vulnerability in the nBill comnetinvoice component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.210 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to 1...
VulnCheck KEV: CVE-2010-3962
Microsoft Internet Explorer contains an uninitialized memory corruption vulnerability that could allow for remote code execution. The impacted product could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...
VulnCheck KEV: CVE-2010-3916
Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3915...
VulnCheck KEV: CVE-2010-3915
Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3916...
VulnCheck KEV: CVE-2010-3654
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll aka AuthPlayLib.bundle or libauthplay.so.0.0.0 in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or...
VulnCheck KEV: CVE-2010-3765
Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. This allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation...
VulnCheck KEV: CVE-2010-3653
The Director module dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited...
VulnCheck KEV: CVE-2010-0094
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March...
VulnCheck KEV: CVE-2010-3889
Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers...
VulnCheck KEV: CVE-2010-3888
Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers...
VulnCheck KEV: CVE-2010-2568
Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could execute code as the logged-on user...