Lucene search
K
ZdiMost viewed

16763 matches found

Zero Day Initiative
Zero Day Initiative
•added 2011/03/02 12:0 a.m.•35 views

Apple Safari Webkit Runin Box Promotion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way th...

9CVSS3.2AI score0.03181EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2011/02/08 12:0 a.m.•35 views

Adobe Reader Controlled memset Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within AcroRd32.dll...

10CVSS2.6AI score0.40268EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2011/01/10 12:0 a.m.•35 views

Hewlett-Packard OpenView Network Node Manager nnmRptConfig.exe data_select1 Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nnmRptConfig.exe module exposed by the webserver that listens by default o...

10CVSS5AI score0.16546EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2010/11/10 12:0 a.m.•35 views

Apple Quicktime Sorenson Video Codec Decoding Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way...

10CVSS9.5AI score0.029EPSS
Exploits1References2
Zero Day Initiative
Zero Day Initiative
•added 2010/10/06 12:0 a.m.•35 views

Adobe Acrobat Reader ICC mluc Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required in that a target must be coerced into opening a file or visiting a web page. The specific flaw exists within the ACE.dll module responsible for parsing IC...

10CVSS7.6AI score0.05707EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2010/08/05 12:0 a.m.•35 views

Apple Webkit SVG First-Letter Style Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

10CVSS4.3AI score0.06084EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2010/07/21 12:0 a.m.•35 views

Novell Teaming ajaxUploadImageFile Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Teaming. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Tomcat server installed by default with Teaming. The server exposes an AJAX request...

10CVSS7.3AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2010/07/13 12:0 a.m.•35 views

Oracle Secure Backup Administration Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to inject arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability but may be bypassed. The specific flaw exists in the handling of the 'preauth' variable to the script index.php use...

10CVSS2.7AI score0.02243EPSS
Exploits12References1
Zero Day Initiative
Zero Day Initiative
•added 2010/04/28 12:0 a.m.•35 views

Realnetworks Helix Server NTLM Authentication Invalid Base64 Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Helix Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication provided by the administrative web interface and is only...

8.3CVSS1.9AI score0.01617EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2010/04/14 12:0 a.m.•35 views

Apple Preview libFontParser SpecialEncoding Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Preview. User interaction is required in that a target must open a malicious file or visit a malicious page. The specific flaw exists within the routine TType1ParsingContext::SpecialEncoding...

10CVSS4.6AI score0.05184EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2010/04/05 12:0 a.m.•35 views

Novell Netware NWFTPD RMD/RNFR/DELE Argument Parsing Remote Code Execution Vulnerabilities

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware NWFTPD daemon. Authentication or default anonymous access is required to exploit this vulnerability. The specific flaw exists when parsing malformed arguments to the verbs RMD, RNFR,...

10CVSS5.9AI score0.05089EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2010/04/02 12:0 a.m.•35 views

Apple QuickTime FLI LinePacket Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

10CVSS5.8AI score0.18573EPSS
Exploits5References2
Zero Day Initiative
Zero Day Initiative
•added 2010/04/02 12:0 a.m.•35 views

Mozilla Firefox nsTreeSelection EventListener Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on software utilizing a vulnerable version of Mozilla's Firefox. User interaction is required in that the victim must visit a malicious website or be coerced into opening a malicious document. The specific flaw exists within how...

10CVSS4.4AI score0.07054EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2010/03/02 12:0 a.m.•35 views

Novell eDirectory SOAP Request Parsing Denial of Service Vulnerability

This vulnerability allows remote attackers to deny services on vulnerable installations of Novell eDirectory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NDS daemon's SOAP service. When a malformed request is made to the...

8.5CVSS4.6AI score0.02272EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2010/01/21 12:0 a.m.•35 views

RealNetworks RealPlayer GIF Handling Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a user must open a malicious file or visit a malicious web site. The specific flaw exists during the parsing of GIF files with forged chunk sizes...

10CVSS5.7AI score0.08453EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2010/01/21 12:0 a.m.•35 views

Microsoft Internet Explorer Table Layout Col Tag Cache Update Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when a Col element is used within an...

10CVSS1.9AI score0.20759EPSS
Exploits2References1
Zero Day Initiative
Zero Day Initiative
•added 2010/01/12 12:0 a.m.•35 views

Novell ZENworks Asset Management docfiledownload Remote SQL Injection Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Asset Management. Authentication is not required to exploit this vulnerability. The specific flaw exists due to insufficient sanity checks on the documentID parameter to the...

10CVSS8.2AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2009/11/02 12:0 a.m.•35 views

Novell eDirectory LDAP Null Base DN Denial of Service Vulnerability

This vulnerability allows attackers to deny services on vulnerable installations of Novell eDirectory. Authentication is not required in order to exploit this vulnerability. The specific flaw exists within Novell's eDirectory Server's LDAP implementation. Novell eDirectory's NDSD process binds to...

5CVSS1.4AI score0.02311EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2009/06/02 12:0 a.m.•35 views

Apple QuickTime Packed-bit Decoding Heap Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application...

9.3CVSS4.6AI score0.04756EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2009/05/13 12:0 a.m.•35 views

Apple Safari Malformed SVGList Parsing Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the parsing of malformed SVGLists via the...

9.3CVSS5AI score0.09322EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2009/05/12 12:0 a.m.•35 views

Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint. Exploitation requires that the attacker coerce the target into opening a malicious .PPT file. The specific flaw exists in the parsing of the OutlineTextRefAtom 3998. By...

9.3CVSS6.4AI score0.67539EPSS
Exploits5References1
Zero Day Initiative
Zero Day Initiative
•added 2008/11/04 12:0 a.m.•35 views

Adobe Acrobat PDF Javascript getCosObj Memory Corruption Vulnerability

This vulnerability allows remote attackers to execute code on vulnerable installations of Adobe Acrobat. User interaction is required in that a user must visit a malicious web site. The specific flaw exists when processing malicious javascript contained in a PDF document. When creating a Collab...

9.3CVSS4.5AI score0.09497EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2008/10/30 12:0 a.m.•35 views

SonicWALL Content-Filtering Universal Script Injection Vulnerability

This vulnerability allows remote attackers to execute a script injection attack on arbitrary sites through vulnerable installations of SonicWALL. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page or open a malicious web link. The specifi...

4.3CVSS3.3AI score0.06425EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2008/10/08 12:0 a.m.•35 views

Novell eDirectory Core Protocol Opcode 0x0F Heap Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within dhost.exe, the service responsible for directory replication which is bound b...

10CVSS4.3AI score0.09821EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2008/05/15 12:0 a.m.•35 views

Symantec Altiris Deployment Solution SQL Injection Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec Altiris Deployment Solution. User interaction is not required to exploit this vulnerability. The specific flaw exists within the axengine.exe process listening by default on TCP port 402. A lack ...

7.5CVSS5.8AI score0.32678EPSS
Exploits9References1
Zero Day Initiative
Zero Day Initiative
•added 2008/03/26 12:0 a.m.•35 views

Novell eDirectory for Linux LDAP delRequest Stack Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory for Linux. Authentication is not required to exploit this vulnerability. The specific flaw exists in the libnldap library. When a large LDAP delRequest message is sent, a stack...

6.8CVSS5.6AI score0.05003EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2007/12/11 12:0 a.m.•35 views

Microsoft Internet Explorer setExpression Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the CRecalcProperty function in...

9.3CVSS2.3AI score0.35508EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2007/10/10 12:0 a.m.•35 views

Firebird process_packet() Remote Stack Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Firebird SQL server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the database service fbserver.exe, which binds to TCP port 3050. When processing a...

10CVSS4AI score0.07691EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2006/11/10 12:0 a.m.•35 views

Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Marshal MailMarshal formerly of NetIQ. Authentication is not required to exploit this vulnerability. The specific flaw exists within the extraction and scanning of ARJ compressed attachments. Due t...

10CVSS4.1AI score0.0388EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2006/10/10 12:0 a.m.•35 views

Microsoft Office Excel File Format DATETIME Record Parsing Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target user into opening a malicious .XLS file. The specific flaw exists within the parsing of the BIFF file format used by...

5.1CVSS4.8AI score0.12212EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2006/10/10 12:0 a.m.•35 views

Microsoft Word Malformed Chart Code Execution Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target user into opening a malicious .XLS file. The specific flaw exists during the processing of malformed charts embedded within a Wo...

9.3CVSS4.8AI score0.36791EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2006/04/17 12:0 a.m.•35 views

Mozilla Firefox Tag Parsing Code Execution Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Mozilla/Firefox web browser and Thunderbird e-mail client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious e-mail. The...

9.3CVSS4.8AI score0.10487EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/12 12:0 a.m.•34 views

Apple macOS PPM Image Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the ImageIO...

7.8CVSS6.9AI score0.00383EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/10 12:0 a.m.•34 views

Linux Kernel RSVP Filter Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

6.7CVSS7.3AI score0.004EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2024/05/29 12:0 a.m.•34 views

Progress Software Telerik Reporting ValidateMetadaUri XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software Telerik Reporting. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...

6.5CVSS6.7AI score0.007EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/05/01 12:0 a.m.•34 views

(Pwn2Own) Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

8.8CVSS7.4AI score0.02236EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2024/03/01 12:0 a.m.•34 views

SolarWinds Security Event Manager AMF Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Security Event Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the AMF deserialization endpoints. The issue...

9.8CVSS7.8AI score0.91557EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/04 12:0 a.m.•34 views

X.Org Server RRChangeOutputProperty Integer Overflow Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling...

5.5CVSS7.5AI score0.01631EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/20 12:0 a.m.•34 views

(0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

5.5CVSS6.2AI score0.00784EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2023/12/20 12:0 a.m.•34 views

Foxit PDF Reader Annotation Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

7.8CVSS7.2AI score0.00421EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/19 12:0 a.m.•34 views

X.Org Server Damage Object Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Damage...

7.4CVSS7.5AI score0.00536EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/11/15 12:0 a.m.•34 views

Microsoft Windows win32kfull UMPDDrvBitBlt Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull...

8.8CVSS7.6AI score0.01229EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/11/15 12:0 a.m.•34 views

Adobe Acrobat Reader DC AcroForm value Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

3.3CVSS6.3AI score0.02035EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/10/11 12:0 a.m.•34 views

Microsoft Windows UMPDDrvStretchBltROP Type Confusion Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Additionally, the target system must have multiple...

7.8CVSS7.5AI score0.11648EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/09/29 12:0 a.m.•34 views

Linux Kernel Netfilter Xtables Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

5.1CVSS5.6AI score0.00415EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/09/29 12:0 a.m.•34 views

Linux Kernel Netfilter Xtables Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

6.7CVSS6AI score0.00397EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/09/27 12:0 a.m.•34 views

Microsoft Visual Studio DAE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

7.8CVSS6.9AI score0.01779EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/09/19 12:0 a.m.•34 views

Microsoft Exchange ExFileLog Deserialization of Untrusted Data Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the lack of protection against deserialization of the ExFileLog class. The...

6.5CVSS6.5AI score0.68598EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/09/12 12:0 a.m.•34 views

Microsoft 3D Builder PLY File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...

5.3CVSS6.3AI score0.00697EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/09/12 12:0 a.m.•34 views

Microsoft Exchange ApprovedApplicationCollection Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the lack of protection against deserialization of the ApprovedApplicationCollection class...

8.8CVSS7.3AI score0.74671EPSS
Exploits0References1
Total number of security vulnerabilities5000