Lucene search
+L
ZdiMost viewed

16763 matches found

zdi
zdi
•added 2012/08/17 12:0 a.m.•33 views

Oracle Java WebStart Browser Argument Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

9CVSS5.4AI score0.05983EPSS
Exploits0References1
zdi
zdi
•added 2012/06/28 12:0 a.m.•33 views

Apple Quicktime TeXML Style Element Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X...

7.5CVSS5.1AI score0.28623EPSS
Exploits9
zdi
zdi
•added 2012/06/21 12:0 a.m.•33 views

RealNetworks Helix Server rn5auth Credential Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Real Helix Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within rn4auth.dll, which is responsible for parsing authentication credentials. When the...

7.5CVSS5AI score0.04168EPSS
Exploits0References1
zdi
zdi
•added 2012/06/08 12:0 a.m.•33 views

Symantec Web Gateway upload_file Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists because Symantec Web Gateway allows unauthenticated users to upload a file while...

7.5CVSS5.7AI score0.64061EPSS
Exploits5References1
zdi
zdi
•added 2012/03/22 12:0 a.m.•33 views

RealNetworks RealPlayer RealAudio coded_frame_size Remote Code Execution

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within cook.dll, specifically the handling of a RealAudi...

9CVSS5.1AI score0.03736EPSS
Exploits0References1
zdi
zdi
•added 2012/03/01 12:0 a.m.•33 views

IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 Multiple Remote Code Execution Vulnerabilities

IBM Tivoli Provisioning Manager soapServlet SOAP Message Printer.getPrinterAgentKey SQL Injection Vulnerability This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Provisioning Manager Express for Software Distribution. Authentication is...

10CVSS3.1AI score0.01757EPSS
Exploits1References1
zdi
zdi
•added 2012/01/12 12:0 a.m.•33 views

(0Day) HP Diagnostics Server magentservice.exe Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Diagnostics server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way the HP Diagnostics server handles incomming packets with 0x00000000 as t...

10CVSS6AI score0.64803EPSS
Exploits8
zdi
zdi
•added 2011/10/18 12:0 a.m.•33 views

Apple QuickTime FlashPix JPEG Tables Selector Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktim...

7.5CVSS1.9AI score0.03363EPSS
Exploits2References1
zdi
zdi
•added 2011/10/13 12:0 a.m.•33 views

Adobe Reader U3D BMP Colors Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe Image...

9CVSS5AI score0.0594EPSS
Exploits1References1
zdi
zdi
•added 2011/08/16 12:0 a.m.•33 views

RealNetworks Realplayer QCP Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

9CVSS6.1AI score0.28612EPSS
Exploits8References1
zdi
zdi
•added 2011/07/20 12:0 a.m.•33 views

CA Total Defense Suite Gateway Security Malformed HTTP Packet Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite r12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Icihttp.exe module CA Gateway Security for HTTP, which responds to...

10CVSS3.8AI score0.16205EPSS
Exploits0References1
zdi
zdi
•added 2011/06/14 12:0 a.m.•33 views

Adobe Shockwave TextXtra Text Element Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

9CVSS4.6AI score0.07476EPSS
Exploits0References1
zdi
zdi
•added 2011/06/06 12:0 a.m.•33 views

Novell iPrint nipplib.dll profile-time Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib componen...

9CVSS3.3AI score0.04883EPSS
Exploits0References1
zdi
zdi
•added 2011/04/19 12:0 a.m.•33 views

Oracle Application Server Authentication Bypass Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle GlassFish Application Server and Oracle Java Application Server. Authentication is not required to exploit this vulnerability. The flaw exists within the Web Administration component which...

10CVSS2.8AI score0.60878EPSS
Exploits6References1
zdi
zdi
•added 2011/04/13 12:0 a.m.•33 views

CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Endpoint. Authentication is not required to exploit this vulnerability. The specific flaw exists within CA.Itm.Server.ManagementWS.dll. Due to a failure to properly sanitize...

10CVSS3.4AI score0.11423EPSS
Exploits0References1
zdi
zdi
•added 2011/02/08 12:0 a.m.•33 views

RealNetworks Real Player Predictable Temporary File Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the temporary fil...

9CVSS3.1AI score0.06582EPSS
Exploits0References1
zdi
zdi
•added 2011/02/07 12:0 a.m.•33 views

(0Day) SCO Openserver IMAP Daemon Long Verb Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the SCO OpenServer IMAP daemon. Authentication is not required to exploit this vulnerability. The specific flaw exists within the imapd process responsible for handling remote IMAP requests. The...

10CVSS8.2AI score
Exploits0
zdi
zdi
•added 2011/02/07 12:0 a.m.•34 views

(0Day) IBM Lotus Domino LDAP Bind Request Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The flaw exists within the nLDAP.exe component which listens by default on TCP port 389. When handling the an LDAP Bi...

10CVSS5.2AI score0.14302EPSS
Exploits0References1
zdi
zdi
•added 2011/02/07 12:0 a.m.•33 views

(0Day) Microsoft Office Excel Axis Properties Record Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application...

9CVSS5.5AI score0.42562EPSS
Exploits5References1
zdi
zdi
•added 2011/02/07 12:0 a.m.•33 views

(0Day) Hewlett-Packard Data Protector Client EXEC_CMD Perl Remote Code Execution Vulnerability

This vulnerability allows an attacker to execute remote code on vulnerable installations of the Hewlett-Packard Data Protector client. User interaction is not required to exploit this vulnerability. The specific flaw exists within the filtering of arguments to the EXECCMD command. The Data...

10CVSS4.5AI score0.81081EPSS
Exploits30
zdi
zdi
•added 2011/01/26 12:0 a.m.•33 views

Novell GroupWise Internet Agent TZID Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwwww1.dll module responsible for parsing VCALENDAR data within e-mail messages...

10CVSS6.3AI score0.09547EPSS
Exploits0References1
zdi
zdi
•added 2011/01/25 12:0 a.m.•33 views

Novell GroupWise Internet Agent REQUEST-STATUS Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwwww1.dll module responsible for parsing VCALENDAR data within e-mail messages...

10CVSS6.3AI score0.10245EPSS
Exploits0References1
zdi
zdi
•added 2010/12/14 12:0 a.m.•33 views

Microsoft Internet Explorer HTML+Time Element outerText Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must be convinced of visiting a malicious page or opening a malicious file. The specific...

10CVSS7AI score0.28886EPSS
Exploits4References1
zdi
zdi
•added 2010/12/10 12:0 a.m.•33 views

RealNetworks RealPlayer Cross-Zone Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is requires in that a target must navigate to a malicious page. The specific flaw exists within the HandleAction method of the RealPlayer ActiveX control...

9CVSS7.4AI score0.01157EPSS
Exploits0References1
zdi
zdi
•added 2010/12/10 12:0 a.m.•33 views

RealNetworks RealPlayer RTSP GIF Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious media file. The specific flaw exists in the...

9CVSS7.1AI score0.06411EPSS
Exploits0References1
zdi
zdi
•added 2010/10/15 12:0 a.m.•33 views

RealNetworks RealPlayer Multiple Protocol Handlers Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the RealPlayer ActiveX control...

9CVSS7.2AI score0.06501EPSS
Exploits0References1
zdi
zdi
•added 2010/10/12 12:0 a.m.•33 views

Oracle Java ActiveX Plugin Uninitialized Window Handle Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java platform that utilize the ActiveX Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...

9CVSS7AI score0.07968EPSS
Exploits0References1
zdi
zdi
•added 2010/10/12 12:0 a.m.•33 views

Oracle Database Java Stored Procedure Race Condition Remote Code Execution Vulnerability

This vulnerability allows remote attackers to break out of the Java Sandbox implemented by Oracle's relational database. Authentication is required in that a user must be able to create a Java stored procedure to trigger the issue. The specific flaw exists within Oracle's custom SecurityManager...

9CVSS6.8AI score0.01732EPSS
Exploits0References1
zdi
zdi
•added 2010/08/11 12:0 a.m.•33 views

Apple Webkit SVG Floating Text Element Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

10CVSS9.2AI score0.05961EPSS
Exploits0References1
zdi
zdi
•added 2010/08/10 12:0 a.m.•33 views

Microsoft Cinepak Codec CVDecompress Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the iccvid.dll...

10CVSS4AI score0.30895EPSS
Exploits5References1
zdi
zdi
•added 2010/07/15 12:0 a.m.•33 views

Ipswitch Imail Server List Mailer Reply-To Address Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IPSwitch IMail List Mailer. Authentication is not required to exploit this vulnerability. The specific flaw exists within imailsrv.exe which is invoked to handle messages sent to the imailsrv. When...

10CVSS7.9AI score
Exploits0
zdi
zdi
•added 2010/07/13 12:0 a.m.•34 views

Oracle Secure Backup Administration uname Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of user input to the uname variable of the login.php script running on th...

9.7CVSS2.1AI score0.50625EPSS
Exploits6References1
zdi
zdi
•added 2010/05/11 12:0 a.m.•34 views

HP OpenView NNM netmon sel CGI Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Network Monitor netmon.exe daemon. This process can be started by invoking...

10CVSS5.2AI score0.13078EPSS
Exploits0References1
zdi
zdi
•added 2010/04/02 12:0 a.m.•33 views

Apple OS X Internet Enabled Disk Image Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the handling of internet enabled disk image files...

10CVSS3.3AI score0.02522EPSS
Exploits0References1
zdi
zdi
•added 2010/03/16 12:0 a.m.•33 views

Apple Webkit Blink Event Dangling Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable software utilizing Apple's WebKit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists due to a failure to unregister a callba...

10CVSS2.8AI score0.11637EPSS
Exploits0References1
zdi
zdi
•added 2009/12/08 12:0 a.m.•33 views

Microsoft Windows Intel Indeo Codec Parsing Heap Overflow Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Inte...

9.3CVSS4.8AI score0.24111EPSS
Exploits0References1
zdi
zdi
•added 2009/06/10 12:0 a.m.•33 views

Microsoft Office Excel QSIR Record Pointer Corruption Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires user interaction in that a victim must open a malicious XLS file. The specific flaw exists within the parsing of the BIFF file format used by Microsoft...

9.3CVSS4.4AI score0.35698EPSS
Exploits5References1
zdi
zdi
•added 2009/06/08 12:0 a.m.•33 views

Apple Safari SVG Set.targetElement() Memory Corruption Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the garbage collection of JavaScript set element...

9.3CVSS2AI score0.06916EPSS
Exploits1References1
zdi
zdi
•added 2009/01/21 12:0 a.m.•33 views

Apple QuickTime AVI Header nBlockAlign Heap Corruption Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AVI file...

9.3CVSS4.2AI score0.09396EPSS
Exploits0References1
zdi
zdi
•added 2008/12/09 12:0 a.m.•33 views

Microsoft Office Word Document Table Property Stack Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. Exploitation requires that the attacker coerce the target into opening a malicious .DOC file. The specific flaw exists when processing a malformed table property within a...

9.3CVSS4.1AI score0.37422EPSS
Exploits0References1
zdi
zdi
•added 2008/12/04 12:0 a.m.•33 views

Trillian AIM Plugin Malformed XML Tag Heap Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the XML processing code for Trillian. When parsing a malformed XML tag, the...

10CVSS4.9AI score0.07929EPSS
Exploits0References1
zdi
zdi
•added 2008/09/09 12:0 a.m.•33 views

Apple QuickTime MDAT Frame Parsing Memory Corruption Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of mov...

9.3CVSS4.4AI score0.08618EPSS
Exploits1References1
zdi
zdi
•added 2008/04/16 12:0 a.m.•33 views

Apple Safari WebKit PCRE Handling Integer Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the regular expression compiler...

6.8CVSS4.4AI score0.04752EPSS
Exploits1References1
zdi
zdi
•added 2007/12/10 12:0 a.m.•33 views

Novell NetMail AntiVirus Agent Multiple Heap Overflow Vulnerabilities

These vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Novell NetMail. User interaction is not required to exploit this vulnerability. The specific flaws exist in the AntiVirus agent which listens on a random high TCP port. The avirus.exe service protocol...

6.8CVSS2.3AI score0.05597EPSS
Exploits0References1
zdi
zdi
•added 2007/05/01 12:0 a.m.•33 views

Apple QTJava toQTPointer() Pointer Arithmetic Memory Overwrite Vulnerability

This vulnerability allows attackers to execute arbitrary code on systems with vulnerable installations of Apple's QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The flaw exists within the QuickTime Java extensions QTJava.dll,...

7.6CVSS5.4AI score0.83804EPSS
Exploits1References1
zdi
zdi
•added 2007/04/18 12:0 a.m.•33 views

BMC Patrol PerformAgent bgs_sdservice Memory Corruption Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of BMC Patrol. User interaction is not required to exploit this vulnerability. The specific flaw exists due to improper parsing of XDR data sent to the bgssdservice.exe process listening by default on TCP po...

7.5CVSS5.2AI score0.04338EPSS
Exploits0
zdi
zdi
•added 2006/12/13 12:0 a.m.•33 views

Symantec Veritas NetBackup Long Request Buffer Overflow Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec Veritas NetBackup. Authentication is not required to exploit this vulnerability. The specific flaw exists within bpcd.exe during the parsing of overly long requests to a NetBackup Master/Media...

10CVSS4.9AI score0.11948EPSS
Exploits0References1
zdi
zdi
•added 2006/09/08 12:0 a.m.•33 views

Ipswitch Collaboration Suite SMTP Server Stack Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ipswitch Collaboration Suite and IMail. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SMTP daemon. A lack of bounds checking during the parsing o...

7.5CVSS4.5AI score0.60041EPSS
Exploits8References1
zdi
zdi
•added 2006/07/25 12:0 a.m.•33 views

eIQnetworks Enterprise Security Analyzer Syslog TCP Server Buffer Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of eIQnetworks Enterprise Security Analyzer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Syslog daemon, syslogserver.exe, during the processing of...

10CVSS3.3AI score0.73149EPSS
Exploits8References1
zdi
zdi
•added 2006/04/25 12:0 a.m.•33 views

Mozilla Firefox Table Rebuilding Code Execution Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Mozilla/Firefox web browser and Thunderbird e-mail client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious e-mail. The...

9.3CVSS3.5AI score0.07786EPSS
Exploits0References1
Total number of security vulnerabilities5000