4985 matches found
VulnCheck KEV: CVE-2009-4324
Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file...
VulnCheck KEV: CVE-2009-3555
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier,...
VulnCheck KEV: CVE-2009-0555
Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager ACM, does not properly process Advanced Systems Format ASF files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses...
VulnCheck KEV: CVE-2009-2493
The Active Template Library ATL in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly...
VulnCheck KEV: CVE-2009-3023
Buffer overflow in the FTP Service in Microsoft Internet Information Services IIS 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST NAME LIST command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."...
VulnCheck KEV: CVE-2009-3459
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are...
VulnCheck KEV: CVE-2008-7168
Insecure method vulnerability in the UUSee UUUpgrade ActiveX control UUUpgrade.ocx 3.0.2.12 allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009...
VulnCheck KEV: CVE-2009-1923
Heap-based buffer overflow in the Windows Internet Name Service WINS component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow...
VulnCheck KEV: CVE-2009-1536
ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service daemon outage via a series of crafted HTTP requests, aka...
VulnCheck KEV: CVE-2009-3041
SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for 1 ecrire/exec/install.php and 2 ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009...
VulnCheck KEV: CVE-2009-0696
The dnsdbfindrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service assertion failure and daemon exit via an ANY record in the prerequisite...
VulnCheck KEV: CVE-2009-1862
Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service DoS...
VulnCheck KEV: CVE-2009-1136
The Microsoft Office Web Components Spreadsheet ActiveX control aka OWC10 or OWC11, as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and...
VulnCheck KEV: CVE-2008-0015
Microsoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully...
VulnCheck KEV: CVE-2009-2265
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009,...
VulnCheck KEV: CVE-2009-0087
Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to execute arbitrary code via a crafted Word 6 file...
VulnCheck KEV: CVE-2009-1391
Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service hang or crash via a crafted zlib compressed stream that triggers a...
VulnCheck KEV: CVE-2009-1537
Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as...
VulnCheck KEV: CVE-2009-1800
Stack-based buffer overflow in the Chinagames CGAgent ActiveX control 1.x in CGAgent.dll, as distributed in Chinagames iGame 2009, allows remote attackers to execute arbitrary code via a long argument to the CreateChinagames method, as exploited in the wild in April and May 2009. NOTE: some of...
VulnCheck KEV: CVE-2009-1807
Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009...
VulnCheck KEV: CVE-2009-1612
Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute arbitrary code via a long argument to the OnBeforeVideoDownload method, as exploited in the wild in April and May 2009. NOTE: some of these details are...
VulnCheck KEV: CVE-2009-1481
SQL injection vulnerability in action.asp in PuterJam's Blog PJBlog3 3.0.6.170 allows remote attackers to execute arbitrary SQL commands via the cname parameter in a checkAlias action, as exploited in the wild in April 2009. NOTE: the provenance of this information is unknown; the details...
VulnCheck KEV: CVE-2009-1438
Integer overflow in the CSoundFile::ReadMed function src/loadmed.cpp in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted 1 song comment or 2 song name, which...
VulnCheck KEV: CVE-2009-1308
Cross-site scripting XSS vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing...
VulnCheck KEV: CVE-2009-0079
The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that 1 all run under the NetworkService account or 2 all run under the LocalService account, which allows local users to gain privileges by...
VulnCheck KEV: CVE-2009-0078
The Windows Management Instrumentation WMI provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that 1 all run under the NetworkService account or 2 all run under...
VulnCheck KEV: CVE-2009-0080
The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that 1 all run under the NetworkService account or 2 all run under the LocalService account, which allows local users to gain privileges by leveraging...
VulnCheck KEV: CVE-2008-1436
Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the 1 NetworkService and 2 LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second...
VulnCheck KEV: CVE-2009-0556
Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption...
VulnCheck KEV: CVE-2009-1054
Unspecified vulnerability in JustSystems Ichitaro 13, 2004 through 2008, Lite2, and Ichitaro viewer 5.1.5.0 and earlier allows remote attackers to execute arbitrary code via a crafted file, as exploited in the wild by Trojan.Tarodrop.H in March 2009...
VulnCheck KEV: CVE-2006-6884
Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control aka Sky Software "FileView" ActiveX control for WinZip 10.0 Build 6667 allows remote attackers to execute arbitrary code via a long argument to the CreateNewFolderFromName method, a different vulnerability than CVE-2006-5198...
VulnCheck KEV: CVE-2007-5659
Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods...
VulnCheck KEV: CVE-2007-0015
Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI...
VulnCheck KEV: CVE-2009-0238
Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object...
VulnCheck KEV: CVE-2009-0658
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by...
VulnCheck KEV: CVE-2009-0259
The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted 1 .doc, 2 .wri, or 3 .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as...
VulnCheck KEV: CVE-2008-4844
Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving 1 an XML Island, 2 XML DSOs, or 3 Tabular Data Control TDC in...
VulnCheck KEV: CVE-2008-4841
The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted 1 .doc, 2 .wri, or 3 .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008...
VulnCheck KEV: CVE-2008-5227
Unspecified vulnerability in PHPCow allows remote attackers to execute arbitrary code via unknown vectors, related to a "file inclusion vulnerability," as exploited in the wild in November 2008...
VulnCheck KEV: CVE-2008-1446
Integer overflow in the Internet Printing Protocol IPP ISAPI extension in Microsoft Internet Information Services IIS 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST...
VulnCheck KEV: CVE-2008-4250
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the...
VulnCheck KEV: CVE-2008-2463
The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail...
VulnCheck KEV: CVE-2008-0081
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490...
VulnCheck KEV: CVE-2006-5758
The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a...
VulnCheck KEV: CVE-2008-3919
Unspecified vulnerability in multiple JustSystems Ichitaro products allows remote attackers to execute arbitrary code via a crafted JTD document, as exploited in the wild in August 2008...
VulnCheck KEV: CVE-2008-3873
The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008...
VulnCheck KEV: CVE-2007-4752
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted...
VulnCheck KEV: CVE-2008-3704
Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers...
VulnCheck KEV: CVE-2008-3681
components/comuser/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user lowest id" password, typically for the administrator...
VulnCheck KEV: CVE-2008-2244
Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc...