Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2009/12/15 12:0 a.m.•3 views

VulnCheck KEV: CVE-2009-4324

Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file...

9.3CVSS7.3AI score0.81933EPSS
Exploits21References1
VulnCheck KEV
VulnCheck KEV
•added 2009/11/18 12:0 a.m.•7 views

VulnCheck KEV: CVE-2009-3555

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier,...

5.8CVSS6.9AI score0.87264EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
•added 2009/11/10 12:0 a.m.•3 views

VulnCheck KEV: CVE-2009-0555

Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager ACM, does not properly process Advanced Systems Format ASF files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses...

9.3CVSS6.2AI score0.27086EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2009/11/04 12:0 a.m.•3 views

VulnCheck KEV: CVE-2009-2493

The Active Template Library ATL in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly...

9.3CVSS5.8AI score0.43389EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2009/10/19 12:0 a.m.•4 views

VulnCheck KEV: CVE-2009-3023

Buffer overflow in the FTP Service in Microsoft Internet Information Services IIS 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST NAME LIST command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."...

9CVSS6.2AI score0.90913EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2009/10/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2009-3459

Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are...

9.3CVSS6.5AI score0.86468EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
•added 2009/09/08 12:0 a.m.•3 views

VulnCheck KEV: CVE-2008-7168

Insecure method vulnerability in the UUSee UUUpgrade ActiveX control UUUpgrade.ocx 3.0.2.12 allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009...

9.3CVSS5.9AI score0.05647EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2009/08/18 12:0 a.m.•8 views

VulnCheck KEV: CVE-2009-1923

Heap-based buffer overflow in the Windows Internet Name Service WINS component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow...

9.3CVSS6.4AI score0.24658EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2009/08/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2009-1536

ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service daemon outage via a series of crafted HTTP requests, aka...

2.6CVSS5.8AI score0.51316EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2009/08/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2009-3041

SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for 1 ecrire/exec/install.php and 2 ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009...

7.5CVSS5.8AI score0.06589EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2009/07/29 12:0 a.m.•5 views

VulnCheck KEV: CVE-2009-0696

The dnsdbfindrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service assertion failure and daemon exit via an ANY record in the prerequisite...

4.3CVSS6.7AI score0.12649EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2009/07/23 12:0 a.m.•3 views

VulnCheck KEV: CVE-2009-1862

Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service DoS...

9.3CVSS6AI score0.25006EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2009/07/15 12:0 a.m.•3 views

VulnCheck KEV: CVE-2009-1136

The Microsoft Office Web Components Spreadsheet ActiveX control aka OWC10 or OWC11, as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and...

9.3CVSS5.8AI score0.6202EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2009/07/07 12:0 a.m.•3 views

VulnCheck KEV: CVE-2008-0015

Microsoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully...

9.3CVSS6.6AI score0.76647EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2009/07/05 12:0 a.m.•3 views

VulnCheck KEV: CVE-2009-2265

Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009,...

7.5CVSS6.5AI score0.83865EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2009/06/17 12:0 a.m.•3 views

VulnCheck KEV: CVE-2009-0087

Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to execute arbitrary code via a crafted Word 6 file...

9.3CVSS6.2AI score0.25892EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2009/06/16 12:0 a.m.•4 views

VulnCheck KEV: CVE-2009-1391

Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service hang or crash via a crafted zlib compressed stream that triggers a...

6.8CVSS5.8AI score0.07441EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2009/05/29 12:0 a.m.•2 views

VulnCheck KEV: CVE-2009-1537

Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as...

9.3CVSS6.2AI score0.50926EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2009/05/28 12:0 a.m.•2 views

VulnCheck KEV: CVE-2009-1800

Stack-based buffer overflow in the Chinagames CGAgent ActiveX control 1.x in CGAgent.dll, as distributed in Chinagames iGame 2009, allows remote attackers to execute arbitrary code via a long argument to the CreateChinagames method, as exploited in the wild in April and May 2009. NOTE: some of...

7.5CVSS6.5AI score0.10899EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2009/05/28 12:0 a.m.•5 views

VulnCheck KEV: CVE-2009-1807

Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009...

9.3CVSS6.2AI score0.07531EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2009/05/11 12:0 a.m.•3 views

VulnCheck KEV: CVE-2009-1612

Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute arbitrary code via a long argument to the OnBeforeVideoDownload method, as exploited in the wild in April and May 2009. NOTE: some of these details are...

9.3CVSS6.5AI score0.33255EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2009/04/29 12:0 a.m.•5 views

VulnCheck KEV: CVE-2009-1481

SQL injection vulnerability in action.asp in PuterJam's Blog PJBlog3 3.0.6.170 allows remote attackers to execute arbitrary SQL commands via the cname parameter in a checkAlias action, as exploited in the wild in April 2009. NOTE: the provenance of this information is unknown; the details...

7.5CVSS6.2AI score0.01173EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2009/04/27 12:0 a.m.•4 views

VulnCheck KEV: CVE-2009-1438

Integer overflow in the CSoundFile::ReadMed function src/loadmed.cpp in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted 1 song comment or 2 song name, which...

7.5CVSS6.2AI score0.04667EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2009/04/22 12:0 a.m.•3 views

VulnCheck KEV: CVE-2009-1308

Cross-site scripting XSS vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing...

4.3CVSS7.4AI score0.02288EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2009/04/14 12:0 a.m.•3 views

VulnCheck KEV: CVE-2009-0079

The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that 1 all run under the NetworkService account or 2 all run under the LocalService account, which allows local users to gain privileges by...

6.9CVSS5.8AI score0.04064EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2009/04/14 12:0 a.m.•3 views

VulnCheck KEV: CVE-2009-0078

The Windows Management Instrumentation WMI provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that 1 all run under the NetworkService account or 2 all run under...

7.2CVSS5.8AI score0.02744EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2009/04/14 12:0 a.m.•3 views

VulnCheck KEV: CVE-2009-0080

The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that 1 all run under the NetworkService account or 2 all run under the LocalService account, which allows local users to gain privileges by leveraging...

6.9CVSS5.8AI score0.02358EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2009/04/14 12:0 a.m.•3 views

VulnCheck KEV: CVE-2008-1436

Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the 1 NetworkService and 2 LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second...

9CVSS5.8AI score0.36829EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2009/04/03 12:0 a.m.•5 views

VulnCheck KEV: CVE-2009-0556

Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption...

9.3CVSS6.4AI score0.67539EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2009/03/24 12:0 a.m.•7 views

VulnCheck KEV: CVE-2009-1054

Unspecified vulnerability in JustSystems Ichitaro 13, 2004 through 2008, Lite2, and Ichitaro viewer 5.1.5.0 and earlier allows remote attackers to execute arbitrary code via a crafted file, as exploited in the wild by Trojan.Tarodrop.H in March 2009...

9.3CVSS6.2AI score0.03909EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2009/03/20 12:0 a.m.•4 views

VulnCheck KEV: CVE-2006-6884

Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control aka Sky Software "FileView" ActiveX control for WinZip 10.0 Build 6667 allows remote attackers to execute arbitrary code via a long argument to the CreateNewFolderFromName method, a different vulnerability than CVE-2006-5198...

9.3CVSS6.2AI score0.602EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2009/03/20 12:0 a.m.•3 views

VulnCheck KEV: CVE-2007-5659

Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods...

9.3CVSS7.6AI score0.94222EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2009/03/20 12:0 a.m.•3 views

VulnCheck KEV: CVE-2007-0015

Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI...

6.8CVSS6.2AI score0.48419EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2009/02/25 12:0 a.m.•5 views

VulnCheck KEV: CVE-2009-0238

Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object...

9.3CVSS6.4AI score0.43063EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2009/02/20 12:0 a.m.•3 views

VulnCheck KEV: CVE-2009-0658

Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by...

9.3CVSS7.6AI score0.87719EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2009/01/21 12:0 a.m.•4 views

VulnCheck KEV: CVE-2009-0259

The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted 1 .doc, 2 .wri, or 3 .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as...

9.3CVSS6.2AI score0.07501EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2008/12/11 12:0 a.m.•4 views

VulnCheck KEV: CVE-2008-4844

Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving 1 an XML Island, 2 XML DSOs, or 3 Tabular Data Control TDC in...

9.3CVSS6.2AI score0.66513EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2008/12/10 12:0 a.m.•3 views

VulnCheck KEV: CVE-2008-4841

The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted 1 .doc, 2 .wri, or 3 .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008...

9.3CVSS6.2AI score0.4303EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2008/11/25 12:0 a.m.•8 views

VulnCheck KEV: CVE-2008-5227

Unspecified vulnerability in PHPCow allows remote attackers to execute arbitrary code via unknown vectors, related to a "file inclusion vulnerability," as exploited in the wild in November 2008...

10CVSS6.2AI score0.04686EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2008/10/29 12:0 a.m.•3 views

VulnCheck KEV: CVE-2008-1446

Integer overflow in the Internet Printing Protocol IPP ISAPI extension in Microsoft Internet Information Services IIS 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST...

9CVSS6.2AI score0.46272EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2008/10/23 12:0 a.m.•4 views

VulnCheck KEV: CVE-2008-4250

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the...

10CVSS7.7AI score0.98751EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
•added 2008/10/15 12:0 a.m.•3 views

VulnCheck KEV: CVE-2008-2463

The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail...

6.8CVSS5.9AI score0.59125EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2008/10/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2008-0081

Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490...

9.8CVSS7.7AI score0.57908EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2008/09/26 12:0 a.m.•5 views

VulnCheck KEV: CVE-2006-5758

The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a...

7.2CVSS5.8AI score0.06325EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2008/09/04 12:0 a.m.•7 views

VulnCheck KEV: CVE-2008-3919

Unspecified vulnerability in multiple JustSystems Ichitaro products allows remote attackers to execute arbitrary code via a crafted JTD document, as exploited in the wild in August 2008...

9.3CVSS6.2AI score0.03909EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2008/08/29 12:0 a.m.•4 views

VulnCheck KEV: CVE-2008-3873

The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008...

4.3CVSS5.8AI score0.03663EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2008/08/22 12:0 a.m.•3 views

VulnCheck KEV: CVE-2007-4752

ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted...

7.5CVSS7.1AI score0.02374EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2008/08/18 12:0 a.m.•4 views

VulnCheck KEV: CVE-2008-3704

Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers...

9.3CVSS6.1AI score0.55917EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2008/08/15 12:0 a.m.•4 views

VulnCheck KEV: CVE-2008-3681

components/comuser/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user lowest id" password, typically for the administrator...

7.5CVSS5.8AI score0.09399EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2008/07/09 12:0 a.m.•6 views

VulnCheck KEV: CVE-2008-2244

Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc...

9.3CVSS6.2AI score0.32139EPSS
Exploits1References1
Total number of security vulnerabilities4985