Lucene search
K
ZdiMost viewed

16763 matches found

Zero Day Initiative
Zero Day Initiative
•added 2010/07/20 12:0 a.m.•37 views

Mozilla Firefox NodeIterator Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the victim must visit a malicious page or open a malicious file. The specific flaw exists within the application'...

10CVSS4.6AI score0.05384EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2010/06/21 12:0 a.m.•37 views

Novell Access Manager Arbitrary File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to upload arbitrary files on vulnerable installations of Novell Access Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PortalModuleInstallManager component of the Novell Management Console which...

10CVSS5.5AI score0.06383EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2010/04/06 12:0 a.m.•37 views

CA XOsoft Control Service entry_point.aspx Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates XOsoft Control Replication and High Availability Control Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

10CVSS4.8AI score0.16755EPSS
Exploits5References1
Zero Day Initiative
Zero Day Initiative
•added 2010/04/02 12:0 a.m.•37 views

Mozilla Firefox libpr0n imgContainer Bits-Per-Pixel Change Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the libpr0n...

10CVSS2.7AI score0.05724EPSS
Exploits2References1
Zero Day Initiative
Zero Day Initiative
•added 2010/04/02 12:0 a.m.•37 views

Apple QuickTime genl Atom Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in QuickTimeMPEG.qtx and results when QuickTime...

10CVSS5.4AI score0.0479EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2009/12/09 12:0 a.m.•37 views

Hewlett-Packard OpenView NNM Multiple Command Injection Vulnerabilities

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard's Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaws exist within Perl CGI executables distributed with Network Node Manager NNM...

10CVSS1.8AI score0.21951EPSS
Exploits2References1
Zero Day Initiative
Zero Day Initiative
•added 2009/12/08 12:0 a.m.•37 views

Microsoft Internet Explorer IFrame Attributes Circular Reference Dangling Pointer Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. The specific flaw exists during deallocation of a circula...

9.3CVSS3.2AI score0.26261EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2009/12/08 12:0 a.m.•37 views

Microsoft Internet Explorer XHTML DOM Manipulation Memory Corruption Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a user must visit a malicious web page. The specific flaw exists in the manipulation and parsing of certain HTML tags. The ordering...

9.3CVSS2.6AI score0.21038EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2009/11/10 12:0 a.m.•37 views

Microsoft Excel Shared Feature Header Pointer Offset Memory Corruption Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious spreadsheet. The specific flaw exists in the handling of Shared Feature...

9.3CVSS2.5AI score0.85731EPSS
Exploits10References1
Zero Day Initiative
Zero Day Initiative
•added 2009/11/02 12:0 a.m.•37 views

Novell eDirectory LDAP Null Base DN Denial of Service Vulnerability

This vulnerability allows attackers to deny services on vulnerable installations of Novell eDirectory. Authentication is not required in order to exploit this vulnerability. The specific flaw exists within Novell's eDirectory Server's LDAP implementation. Novell eDirectory's NDSD process binds to...

5CVSS1.4AI score0.02311EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2009/08/05 12:0 a.m.•37 views

Sun Java Pack200 Decoding Inner Class Count Integer Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Sun Java Runtime. User interaction is required in that a target must visit a malicious web page or open a malicious JNLP file. The specific flaw exists within the code responsible for handling...

10CVSS4.3AI score0.04324EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2009/05/13 12:0 a.m.•37 views

Apple Safari Malformed SVGList Parsing Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the parsing of malformed SVGLists via the...

9.3CVSS5AI score0.09322EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2009/01/14 12:0 a.m.•37 views

Oracle TimesTen evtdump Remote Format String Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle TimesTen. User interaction is not required to exploit this vulnerability. The specific flaw exists in the evtdump CGI module, which is used to write to an internal log file. The parameter...

7.5CVSS3.2AI score0.11891EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2008/11/12 12:0 a.m.•37 views

Mozilla Firefox Input Box Type Property Dangling Pointer Vulnerability

This vulnerability allows attackers to potentially execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when a DOM method on a specific HTML form...

9.3CVSS2.7AI score0.03633EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2008/07/10 12:0 a.m.•37 views

Novell eDirectory dhost Integer Overflow Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability. The specific flaw exists within dhost.exe, bound by default to TCP port 524. Flawed arithmetic applied to a...

10CVSS3.3AI score0.08667EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2008/04/08 12:0 a.m.•37 views

Adobe Flash Script Injection Cross Domain Scripting Vulnerability

This vulnerability allows remote attackers to inject scripts across domains through vulnerable versions of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of scripts injected via Flash...

4.3CVSS2AI score0.04891EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2007/12/11 12:0 a.m.•37 views

Microsoft Internet Explorer Node Manipulation Memory Corruption Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The flaw exists due to improper use of the "cloneNode" and "nodeValu...

6.8CVSS2.7AI score0.31275EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2007/09/12 12:0 a.m.•37 views

Multiple Kerberos Implementations Authentication Context Stack Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of MIT Kerberos. Authentication is not required to exploit this vulnerability. The specific flaw exists in the svcauthgssvalidate function. By sending a large authentication context over RPC, a stack...

10CVSS5.3AI score0.10997EPSS
Exploits4References1
Zero Day Initiative
Zero Day Initiative
•added 2007/07/12 12:0 a.m.•37 views

Symantec AntiVirus Engine CAB Parsing Heap Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of Symantec's AntiVirus Engine. User interaction is not required to exploit this vulnerability. The specific flaw exists during the process of scanning multiple maliciously formatted CAB...

9.3CVSS3.8AI score0.05957EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2007/07/11 12:0 a.m.•37 views

Samba lsa_io_privilege_set Heap Overflow Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Samba. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of RPC requests to the LSA RPC interface. When parsing a request to LsarAddPrivilegesToAccoun...

10CVSS5.8AI score0.77806EPSS
Exploits23References1
Zero Day Initiative
Zero Day Initiative
•added 2006/11/14 12:0 a.m.•37 views

WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the ActiveX control...

4CVSS3.8AI score0.602EPSS
Exploits5References1
Zero Day Initiative
Zero Day Initiative
•added 2006/03/14 12:0 a.m.•37 views

Microsoft Excel File Format Parsing Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the parsing of the BIFF file format used by Microsoft...

5.1CVSS4.7AI score0.16247EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2006/02/23 12:0 a.m.•37 views

Adobe Macromedia ShockWave Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Macromedia Shockwave. Exploitation requires the target to visit a malicious web site. This specific flaw exists within the ActiveX control with CLSID 166B1BCA-3F9C-11CF-8075-444553540000...

9.3CVSS6AI score0.1923EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/25 12:0 a.m.•36 views

Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability

This vulnerability allows remote attackers to bypass access restrictions on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of remote IP addresses when processing VXLAN traffic. The issue resul...

7.2CVSS7.2AI score0.00466EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2024/06/13 12:0 a.m.•36 views

(0Day) Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability

This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

8.8CVSS6.9AI score0.01247EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2024/06/12 12:0 a.m.•36 views

(Pwn2Own) Microsoft Windows UnserializePropertySet Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

8.8CVSS7.1AI score0.05859EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/05/14 12:0 a.m.•36 views

Microsoft Windows Search Service Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows Search...

7CVSS6.8AI score0.00956EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/02/12 12:0 a.m.•36 views

Autodesk AutoCAD SLDPRT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8CVSS7.2AI score0.00396EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
•added 2023/12/15 12:0 a.m.•36 views

Delta Electronics DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS6.9AI score0.00365EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/11/14 12:0 a.m.•36 views

GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DDS files. The...

7.8CVSS6.6AI score0.27307EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/09/29 12:0 a.m.•36 views

Linux Kernel XFRM Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

3.2CVSS5.8AI score0.00417EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/09/29 12:0 a.m.•36 views

Linux Kernel Netfilter Xtables Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

6.7CVSS6AI score0.00397EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/09/12 12:0 a.m.•36 views

Microsoft Exchange Project Deserialization of Untrusted Data Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the lack of protection against deserialization of the Project class. The issue...

7.1CVSS6.2AI score0.81228EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/08/25 12:0 a.m.•36 views

Samba Spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of Spotlight RPC arguments. Crafted arguments can force the server into ...

5.9CVSS6.6AI score0.62606EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/08/14 12:0 a.m.•36 views

Microsoft Windows CLFS Incorrect Integer Conversion Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the clfs.sys drive...

8.8CVSS7AI score0.12053EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2023/07/20 12:0 a.m.•36 views

Linux Kernel ksmbd Session Setup Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable. The specific flaw exists within the handling of session...

7.2CVSS6.4AI score0.02838EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/07/06 12:0 a.m.•36 views

GStreamer SRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of SRT...

8.8CVSS7.1AI score0.01643EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/06/08 12:0 a.m.•36 views

Trend Micro Apex One Security Agent Exposed Dangerous Function Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

7.8CVSS7.2AI score0.00234EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/05/24 12:0 a.m.•36 views

Moxa MXsecurity Series Restricted Shell Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MXsecurity Series appliances. Authentication is required to exploit this vulnerability. The specific flaw exists within the SSH CLI program. The issue results from the lack of proper validation ...

7.2CVSS7.4AI score0.01456EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/05/17 12:0 a.m.•36 views

(Pwn2Own) Synology DiskStation Manager dnsauth.php Missing Authentication Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Synology DiskStation Manager. This vulnerability does not require authentication, but does require some user interaction. The specific flaw exists within the dnsauth.php endpoint. The issue...

6.5CVSS6.8AI score0.00586EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2023/05/17 12:0 a.m.•36 views

Omron CX-One CX-Programmer CXP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CXP...

7.8CVSS6.8AI score0.00242EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/05/17 12:0 a.m.•36 views

Delta Electronics InfraSuite Device Master Incorrect Permission Assignment Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Delta Electronics InfraSuite Device Master. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

7.8CVSS7.2AI score0.00164EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/05/15 12:0 a.m.•36 views

D-Link DIR-2150 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP A...

6.8CVSS7.4AI score0.0176EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/05/10 12:0 a.m.•36 views

Microsoft Windows PE Parsing Integer Overflow Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

6.5CVSS8.3AI score0.24622EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/05/10 12:0 a.m.•36 views

Adobe Substance 3D Painter PLY File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Substance 3D Painter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

3.3CVSS5.8AI score0.00345EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/05/04 12:0 a.m.•36 views

Sante DICOM Viewer Pro J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...

7.8CVSS6.9AI score0.00916EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2023/04/24 12:0 a.m.•36 views

Microsoft Windows win32kfull Null Pointer Dereference Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within t...

6.5CVSS7.3AI score0.00519EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/04/24 12:0 a.m.•36 views

Microsoft Excel 3MF File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3MF...

7.8CVSS7.7AI score0.00784EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/04/24 12:0 a.m.•36 views

Microsoft Windows win32kfull Null Pointer Dereference Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within t...

6.5CVSS7.3AI score0.00519EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/04/11 12:0 a.m.•36 views

Microsoft Windows Remote Desktop Connection Uninitialized Variable Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must open a remote desktop session to a host that has been compromised or otherwise under...

4.3CVSS7.7AI score0.02086EPSS
Exploits0References1
Total number of security vulnerabilities5000