Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2010/10/01 12:0 a.m.1 views

VulnCheck KEV: CVE-2010-2772

Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568...

9.3CVSS7.1AI score0.91324EPSS
Exploits15References1
VulnCheck KEV
VulnCheck KEV
added 2010/09/15 12:0 a.m.5 views

VulnCheck KEV: CVE-2010-2884

Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute...

9.3CVSS7.3AI score0.15621EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2010/09/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2010-2729

The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to...

9.3CVSS7.3AI score0.75636EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2010/09/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2010-3081

The compatallocuserspace functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of...

7.8CVSS7.1AI score0.03533EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2010/09/09 12:0 a.m.4 views

VulnCheck KEV: CVE-2010-2883

Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service DoS...

9.3CVSS7.8AI score0.82485EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
added 2010/08/19 12:0 a.m.4 views

VulnCheck KEV: CVE-2010-2099

bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method...

7.5CVSS6.1AI score0.04866EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2010/08/12 12:0 a.m.2 views

VulnCheck KEV: CVE-2008-0600

The vmsplicetopipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010...

7.2CVSS5.8AI score0.0354EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2010/08/05 12:0 a.m.4 views

VulnCheck KEV: CVE-2010-1797

Multiple stack-based buffer overflows in the cffdecoderparsecharstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute...

9.3CVSS6.1AI score0.30653EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2010/06/08 12:0 a.m.3 views

VulnCheck KEV: CVE-2010-1297

Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service DoS...

9.3CVSS7.4AI score0.82365EPSS
Exploits22References1
VulnCheck KEV
VulnCheck KEV
added 2010/06/08 12:0 a.m.2 views

VulnCheck KEV: CVE-2010-0817

Cross-site scripting XSS vulnerability in layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter...

4.3CVSS5.9AI score0.28707EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2010/06/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2010-0886

Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

10CVSS7.5AI score0.69949EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2010/05/01 12:0 a.m.5 views

VulnCheck KEV: CVE-2006-3677

Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object window.navigator that are accessed when Java starts up, which causes a crash that leads to code execution...

7.5CVSS6.2AI score0.78359EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
added 2010/05/01 12:0 a.m.3 views

VulnCheck KEV: CVE-2008-1490

Buffer overflow in a certain Aurigma ActiveX control in ImageUploader4.ocx 4.1.36.0, as used with Piczo aka Pizco and possibly other online services, allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a long Action property, a different CLSID than...

9.3CVSS6.3AI score0.0397EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2010/05/01 12:0 a.m.3 views

VulnCheck KEV: CVE-2009-2477

js/src/jstracer.cpp in the Just-in-time JIT JavaScript compiler aka TraceMonkey in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by...

9.3CVSS6.2AI score0.42689EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
added 2010/05/01 12:0 a.m.3 views

VulnCheck KEV: CVE-2008-1472

Stack-based buffer overflow in the ListCtrl ActiveX Control ListCtrl.ocx, as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or...

9.3CVSS6.4AI score0.3901EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2010/05/01 12:0 a.m.5 views

VulnCheck KEV: CVE-2007-3148

Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method...

9.3CVSS6.2AI score0.12339EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2010/05/01 12:0 a.m.8 views

VulnCheck KEV: CVE-2006-0005

Buffer overflow in the plug-in for Microsoft Windows Media Player WMP 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src...

9.3CVSS6.2AI score0.43861EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
added 2010/05/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2007-2496

The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote attackers to cause a denial of service Internet Explorer 7 crash via a long 1 DoOleCommand, 2 FTPDownloadFile, 3 FTPUploadFile, 4 HttpUploadFile, 5 GotoPage, 6 Save, 7 SaveWebFile, 8 HttpDownloadFile, 9...

7.8CVSS5.8AI score0.03826EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2010/05/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2006-5559

The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects ADODB.Connection.2.7 and ADODB.Connection.2.8 in the Microsoft Data Access Components MDAC 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows...

9.3CVSS5.8AI score0.43785EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2010/05/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2004-1049

Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."...

5.1CVSS6.4AI score0.29743EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
added 2010/05/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2007-6166

Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol RTSP servers to execute arbitrary code via an RTSP response with a long Content-Type header...

9.3CVSS6.4AI score0.41916EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
added 2010/05/01 12:0 a.m.5 views

VulnCheck KEV: CVE-2008-3008

Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability."...

9.3CVSS6.5AI score0.54553EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
added 2010/05/01 12:0 a.m.5 views

VulnCheck KEV: CVE-2010-0188

Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code...

9.3CVSS7.5AI score0.88246EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
added 2010/05/01 12:0 a.m.2 views

VulnCheck KEV: CVE-2003-0111

The ByteCode Verifier component of Microsoft Virtual Machine VM build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise....

7.5CVSS6.1AI score0.41212EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2010/05/01 12:0 a.m.3 views

VulnCheck KEV: CVE-2006-6027

Adobe Reader Adobe Acrobat Reader 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control...

9.3CVSS6.2AI score0.42952EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2010/05/01 12:0 a.m.2 views

VulnCheck KEV: CVE-2004-0431

Integer overflow in Apple QuickTime QuickTime.qts before 6.5.1 allows attackers to execute arbitrary code via a large "number of entries" field in the sample-to-chunk table data for a .mov movie file, which leads to a heap-based buffer overflow...

5.1CVSS6.5AI score0.03243EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2010/05/01 12:0 a.m.3 views

VulnCheck KEV: CVE-2007-4367

Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer."...

9.3CVSS6.2AI score0.08248EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2010/05/01 12:0 a.m.3 views

VulnCheck KEV: CVE-2007-6250

Stack-based buffer overflow in AOL AOLMediaPlaybackControl AOLMediaPlaybackControl.exe, as used by AmpX ActiveX control AmpX.dll, might allow remote attackers to execute arbitrary code via the AppendFileToPlayList method...

9.3CVSS6.5AI score0.24341EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2010/05/01 12:0 a.m.3 views

VulnCheck KEV: CVE-2009-3867

Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to execute arbitrary code via a long file: URL in...

9.3CVSS6.4AI score0.73376EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
added 2010/05/01 12:0 a.m.3 views

VulnCheck KEV: CVE-2009-0075

Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption...

9.3CVSS6.2AI score0.85277EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
added 2010/05/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2006-3643

Cross-site scripting XSS vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console MMC library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect...

6CVSS6.1AI score0.20488EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2010/05/01 12:0 a.m.3 views

VulnCheck KEV: CVE-2007-3147

Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information...

9.3CVSS6.2AI score0.40374EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2010/05/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2006-5567

Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted 1 ultravox-max-msg header to the Ultravox protocol handler or 2 unspecified Lyrics3 tags...

9.3CVSS6.4AI score0.13478EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2010/05/01 12:0 a.m.5 views

VulnCheck KEV: CVE-2007-2987

Multiple buffer overflows in certain ActiveX controls in sasatl.dll in Zenturi ProgramChecker allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the 1 DebugMsgLog or 2 DoFileProperties methods...

9.3CVSS6.4AI score0.32704EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2010/05/01 12:0 a.m.9 views

VulnCheck KEV: CVE-2006-0003

Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects ADO and distributed in Microsoft Data Access Components MDAC 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors...

5.1CVSS7.8AI score0.825EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2010/05/01 12:0 a.m.3 views

VulnCheck KEV: CVE-2007-5601

Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the...

9.3CVSS6.4AI score0.42365EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
added 2010/05/01 12:0 a.m.8 views

VulnCheck KEV: CVE-2009-1930

The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential...

10CVSS6.2AI score0.41388EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2010/04/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2010-1164

Multiple cross-site scripting XSS vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the 1 element or 2 defaultColor parameter to the Colour Picker page; the 3 formName parameter, 4 element parameter, or 5 full name...

4.3CVSS5.9AI score0.02235EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2010/04/20 12:0 a.m.5 views

VulnCheck KEV: CVE-2010-1165

Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the 1 attachment aka attachments, 2 index aka indexing, or 3 backup path and then uploading a file, as exploited in the wild in April 2010...

9CVSS6.2AI score0.04436EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2010/03/10 12:0 a.m.4 views

VulnCheck KEV: CVE-2010-0806

Use-after-free vulnerability in the Peer Objects component aka iepeers.dll in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010,...

9.3CVSS6.2AI score0.82172EPSS
Exploits15References1
VulnCheck KEV
VulnCheck KEV
added 2010/02/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2000-0322

The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters...

10CVSS6.1AI score0.41632EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2010/02/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2000-0248

The web GUI for the Linux Virtual Server LVS software in the Red Hat Linux Piranha package has a backdoor password that allows remote attackers to execute arbitrary commands...

10CVSS6.2AI score0.73662EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2010/01/20 12:0 a.m.3 views

VulnCheck KEV: CVE-2009-0927

Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code...

9.3CVSS7.9AI score0.96632EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
added 2010/01/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2009-1493

The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service memory corruption or execute arbitrary code via a PDF file that triggers a call to this method with a long string...

6.8CVSS6.2AI score0.21826EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2010/01/20 12:0 a.m.5 views

VulnCheck KEV: CVE-2008-2042

The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function...

9.3CVSS6.4AI score0.05014EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2010/01/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2009-2990

Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors...

9.3CVSS6.2AI score0.6845EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2010/01/20 12:0 a.m.3 views

VulnCheck KEV: CVE-2009-1492

The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service memory corruption or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code...

9.3CVSS6.2AI score0.25522EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2010/01/20 12:0 a.m.3 views

VulnCheck KEV: CVE-2008-2992

Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution...

9.3CVSS7.5AI score0.98482EPSS
Exploits19References1
VulnCheck KEV
VulnCheck KEV
added 2010/01/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2010-0249

Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by...

9.3CVSS7.7AI score0.91885EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
added 2010/01/05 12:0 a.m.4 views

VulnCheck KEV: CVE-2008-5353

The Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and...

10CVSS7.1AI score0.84807EPSS
Exploits19References1
Total number of security vulnerabilities4985