Max CVSS 10.0 Min CVSS 1.2 Total Count1762
IDCVSSSummaryLast (major) updatePublished
CVE-2017-15271 None
A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. This issue could be triggered prior to authentication. The PSFTPd server did not automatically restart, which enabled attackers to perform a very eff
15-11-2017 - 11:29 15-11-2017 - 11:29
CVE-2017-15270 None
The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by attackers to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certa
15-11-2017 - 11:29 15-11-2017 - 11:29
CVE-2017-14961 None
In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300000c.
15-11-2017 - 11:29 15-11-2017 - 11:29
CVE-2017-11873 None
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, a
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11861 None
Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-16806 None
The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal.
13-11-2017 - 16:29 13-11-2017 - 16:29
CVE-2017-12969 None
Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open m
09-11-2017 - 21:29 09-11-2017 - 21:29
CVE-2017-11309 None
Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.
09-11-2017 - 21:29 09-11-2017 - 21:29
CVE-2017-6331 None
Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients.
06-11-2017 - 18:29 06-11-2017 - 18:29
CVE-2017-16543 None
Zoho ManageEngine Applications Manager 13 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.
05-11-2017 - 12:29 05-11-2017 - 12:29
CVE-2017-16542 None
Zoho ManageEngine Applications Manager 13 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.
05-11-2017 - 12:29 05-11-2017 - 12:29
CVE-2017-16513 None
Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729.
03-11-2017 - 11:29 03-11-2017 - 11:29
CVE-2017-16237 4.6
In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C.
03-11-2017 - 01:29 03-11-2017 - 01:29
CVE-2017-15921 5.0
In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002010. This is due to the input buffer bein
30-10-2017 - 11:29 30-10-2017 - 11:29
CVE-2017-15920 5.0
In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002054. This is due to the input buffer bein
30-10-2017 - 11:29 30-10-2017 - 11:29
CVE-2017-15223 5.0
Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an infinite loop.
24-10-2017 - 13:29 24-10-2017 - 13:29
CVE-2017-15222 7.5
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.
24-10-2017 - 13:29 24-10-2017 - 13:29
CVE-2017-15221 6.8
ASX to MP3 converter 3.1.3.7.2010.11.05 has a buffer overflow via a crafted M3U file, a related issue to CVE-2009-1324.
16-10-2017 - 14:29 16-10-2017 - 14:29
CVE-2017-11823 7.2
The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass".
13-10-2017 - 09:29 13-10-2017 - 09:29
CVE-2017-11811 7.6
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scr
13-10-2017 - 09:29 13-10-2017 - 09:29
CVE-2017-11810 7.6
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in t
13-10-2017 - 09:29 13-10-2017 - 09:29
CVE-2017-11809 7.6
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scr
13-10-2017 - 09:29 13-10-2017 - 09:29
CVE-2017-11802 7.6
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scr
13-10-2017 - 09:29 13-10-2017 - 09:29
CVE-2017-11799 7.6
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scr
13-10-2017 - 09:29 13-10-2017 - 09:29
CVE-2017-11785 2.1
The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information
13-10-2017 - 09:29 13-10-2017 - 09:29
CVE-2017-15220 7.5
Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary code.
11-10-2017 - 09:29 11-10-2017 - 09:29
CVE-2017-14089 7.5
An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues.
05-10-2017 - 21:29 05-10-2017 - 21:29
CVE-2017-14086 7.8
Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may ca
05-10-2017 - 21:29 05-10-2017 - 21:29
CVE-2017-14084 6.8
A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations.
05-10-2017 - 21:29 05-10-2017 - 21:29
CVE-2017-15035 5.0
EmTec PyroBatchFTP before 3.18 allows remote servers to cause a denial of service (application crash).
05-10-2017 - 03:29 05-10-2017 - 03:29
CVE-2017-14702 7.5
ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com.branaghgroup.ecers.update.UpdateRequest" object deserialization.
29-09-2017 - 21:29 29-09-2017 - 21:29
CVE-2017-14627 6.8
Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (insid
23-09-2017 - 16:29 23-09-2017 - 16:29
CVE-2017-14311 4.6
The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows local users to gain privileges via a crafted 0x9C402088 IOCTL call.
19-09-2017 - 12:29 19-09-2017 - 12:29
CVE-2017-12615 6.8
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP
19-09-2017 - 09:29 19-09-2017 - 09:29
CVE-2017-6008 4.6
A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges via a malformed IOCTL call.
13-09-2017 - 04:29 13-09-2017 - 04:29
CVE-2017-8759 9.3
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
12-09-2017 - 21:29 12-09-2017 - 21:29
CVE-2017-8755 7.6
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting engine handles objects in memory in Microsoft Edge, ak
12-09-2017 - 21:29 12-09-2017 - 21:29
CVE-2017-8751 7.6
Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID
12-09-2017 - 21:29 12-09-2017 - 21:29
CVE-2017-8740 7.6
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vu
12-09-2017 - 21:29 12-09-2017 - 21:29
CVE-2017-8734 7.6
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge
12-09-2017 - 21:29 12-09-2017 - 21:29
CVE-2017-8731 7.6
Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption
12-09-2017 - 21:29 12-09-2017 - 21:29
CVE-2017-8729 7.6
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vu
12-09-2017 - 21:29 12-09-2017 - 21:29
CVE-2017-8708 1.9
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure
12-09-2017 - 21:29 12-09-2017 - 21:29
CVE-2017-8687 2.1
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure
12-09-2017 - 21:29 12-09-2017 - 21:29
CVE-2017-8685 2.1
Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-201
12-09-2017 - 21:29 12-09-2017 - 21:29
CVE-2017-8684 2.1
Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1, allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Informatio
12-09-2017 - 21:29 12-09-2017 - 21:29
CVE-2017-8683 2.1
Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an attacker to execute remote code b
12-09-2017 - 21:29 12-09-2017 - 21:29
CVE-2017-8682 9.3
Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 2016, Microsoft Office Word Viewer, Microsoft Office
12-09-2017 - 21:29 12-09-2017 - 21:29
CVE-2017-8681 2.1
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure
12-09-2017 - 21:29 12-09-2017 - 21:29
CVE-2017-8680 2.1
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerability when it improperly handles objects in memory,
12-09-2017 - 21:29 12-09-2017 - 21:29
CVE-2017-8678 2.1
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure
12-09-2017 - 21:29 12-09-2017 - 21:29
CVE-2017-11764 7.6
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Script
12-09-2017 - 21:29 12-09-2017 - 21:29
CVE-2017-14344 7.2
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific
12-09-2017 - 14:29 12-09-2017 - 14:29
CVE-2017-14153 7.2
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific
11-09-2017 - 13:29 11-09-2017 - 13:29
CVE-2017-14075 7.2
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific
11-09-2017 - 13:29 11-09-2017 - 13:29
CVE-2017-11567 6.8
Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leverage
07-09-2017 - 09:29 07-09-2017 - 09:29
CVE-2017-9644 6.9
An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5
25-08-2017 - 15:29 25-08-2017 - 15:29
CVE-2017-9767 3.5
Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter to RM/Reservation/ReserveNew; the (3) Description p
18-08-2017 - 12:29 18-08-2017 - 12:29
CVE-2017-3106 9.3
Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.
11-08-2017 - 15:29 11-08-2017 - 15:29
CVE-2015-2291 7.2
(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x8086201
09-08-2017 - 14:29 09-08-2017 - 14:29
CVE-2017-8671 7.6
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling obj
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8670 7.6
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects i
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8657 7.6
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling obj
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8656 7.6
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects i
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8646 7.6
Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in me
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8645 7.6
Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in me
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8644 4.3
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability".
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8641 7.6
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the conte
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8640 7.6
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8636 7.6
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the conte
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8635 7.6
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the conte
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8634 7.6
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-10204 4.6
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastruc
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10129 4.6
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastruc
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-7442 6.8
Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences.
03-08-2017 - 04:29 03-08-2017 - 04:29
CVE-2017-8870 6.8
Buffer overflow in AudioCoder 0.8.46 allows remote attackers to execute arbitrary code via a crafted .m3u file.
27-07-2017 - 14:29 27-07-2017 - 14:29
CVE-2017-9413 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmi
25-07-2017 - 14:29 25-07-2017 - 14:29
CVE-2017-11517 7.5
Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request.
21-07-2017 - 16:29 21-07-2017 - 16:29
CVE-2017-9415 5.1
Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view.
21-07-2017 - 10:29 21-07-2017 - 10:29
CVE-2017-8618 7.6
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 Internet Explorer in the way affected Microsoft scrip
11-07-2017 - 17:29 11-07-2017 - 17:29
CVE-2017-8601 7.6
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Mi
11-07-2017 - 17:29 11-07-2017 - 17:29
CVE-2017-8594 7.6
Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Expl
11-07-2017 - 17:29 11-07-2017 - 17:29
CVE-2017-8564 2.1
Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability
11-07-2017 - 17:29 11-07-2017 - 17:29
CVE-2017-8558 9.3
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10
29-06-2017 - 09:29 29-06-2017 - 09:29
CVE-2015-9098 10.0
In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monit
22-06-2017 - 15:29 22-06-2017 - 15:29
CVE-2017-8487 9.3
Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program aka "Windows olecnv32.dll Remote Code Execution Vulnerability."
15-06-2017 - 16:29 15-06-2017 - 16:29
CVE-2017-8550 8.5
A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability".
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8548 7.6
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge improperly handles objects in memory, aka "Scripting Engin
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8496 7.6
Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability".
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8492 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8491 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8490 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8489 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8488 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8485 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8484 1.9
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted applica
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8483 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8482 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8481 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8480 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8479 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8478 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8477 1.9
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted applica
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8476 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8473 1.9
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly in
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8472 1.9
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disc
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8471 1.9
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted applica
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8470 1.9
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted applica
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8469 2.1
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an authenticated attacker to obtain information via a
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8464 9.3
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers t
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8462 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0300 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0299 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0289 1.9
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphi
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0288 1.9
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphi
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0287 1.9
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Unisc
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0286 1.9
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphi
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0285 1.9
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, and Microsoft
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0284 1.9
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows impr
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0283 9.3
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Wor
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0282 1.9
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows impr
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-9557 5.0
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response.
12-06-2017 - 11:29 12-06-2017 - 11:29
CVE-2017-9544 7.5
There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbit
12-06-2017 - 02:29 12-06-2017 - 02:29
CVE-2017-9543 5.0
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm.
12-06-2017 - 02:29 12-06-2017 - 02:29
CVE-2017-7180 6.9
Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privileges to write to program.exe in a protected direct
08-06-2017 - 08:29 08-06-2017 - 08:29
CVE-2017-9355 4.3
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.
07-06-2017 - 15:29 07-06-2017 - 15:29
CVE-2017-8541 9.3
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, a
26-05-2017 - 16:29 26-05-2017 - 16:29
CVE-2017-8540 9.3
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, a
26-05-2017 - 16:29 26-05-2017 - 16:29
CVE-2017-8538 9.3
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, a
26-05-2017 - 16:29 26-05-2017 - 16:29
CVE-2017-8537 4.3
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, a
26-05-2017 - 16:29 26-05-2017 - 16:29
CVE-2017-8536 4.3
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, a
26-05-2017 - 16:29 26-05-2017 - 16:29
CVE-2017-8535 4.3
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, a
26-05-2017 - 16:29 26-05-2017 - 16:29
CVE-2017-1092 10.0
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.
22-05-2017 - 16:29 22-05-2017 - 16:29
CVE-2017-4916 6.8
VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host
22-05-2017 - 10:29 22-05-2017 - 10:29
CVE-2017-9024 5.0
Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname.
21-05-2017 - 10:29 21-05-2017 - 10:29
CVE-2017-5177 5.0
A Stack Buffer Overflow issue was discovered in VIPA Controls WinPLC7 5.0.45.5921 and prior. A stack-based buffer overflow vulnerability has been identified, where an attacker with a specially crafted packet could overflow the fixed length buffer. Th
18-05-2017 - 23:29 18-05-2017 - 23:29
CVE-2017-8927 6.8
Buffer overflow in Larson VizEx Reader 9.7.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file.
15-05-2017 - 14:29 15-05-2017 - 14:29
CVE-2017-8926 6.8
Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file.
15-05-2017 - 14:29 15-05-2017 - 14:29
CVE-2017-0259 1.9
The Windows kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Wind
12-05-2017 - 10:29 12-05-2017 - 10:29
CVE-2017-0258 1.9
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensi
12-05-2017 - 10:29 12-05-2017 - 10:29
CVE-2017-0245 1.9
The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain kernel information, aka "Win32k Information Disclosure
12-05-2017 - 10:29 12-05-2017 - 10:29
CVE-2017-0220 1.9
The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 Gold allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerab
12-05-2017 - 10:29 12-05-2017 - 10:29
CVE-2017-0214 4.4
Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when
12-05-2017 - 10:29 12-05-2017 - 10:29
CVE-2017-0213 1.9
Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege
12-05-2017 - 10:29 12-05-2017 - 10:29
CVE-2017-0175 2.1
The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulner
12-05-2017 - 10:29 12-05-2017 - 10:29
CVE-2017-8339 4.9
PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a denial of service (BSoD) via a crafted DeviceIoControl request to \\.\PSMEMDriver.
11-05-2017 - 21:29 30-04-2017 - 13:59
CVE-2017-0290 9.3
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, a
11-05-2017 - 21:29 09-05-2017 - 02:29
CVE-2017-8895 10.0
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An authenticated att
10-05-2017 - 17:29 10-05-2017 - 17:29
CVE-2017-7293 7.2
The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to get arbitrary system privileges, because these services have .NET code for DCOM. This affects Dolby Audio X2 (DAX2) 1.0, 1.0.1, 1
10-05-2017 - 12:48 26-04-2017 - 01:59
CVE-2017-6953 4.6
Gemalto SmartDiag Diagnosis Tool v2.5 has a stack-based Buffer Overflow with SEH Overwrite via long "Register a new card" input fields. There may be a risk of local code execution with untrusted input to SmartDiag.exe or SymDiag.exe.
08-05-2017 - 13:29 08-05-2017 - 13:29
CVE-2017-7720 4.6
Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long password.
03-05-2017 - 09:15 26-04-2017 - 10:59
CVE-2017-8367 4.6
Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD Creator, Easy MPEG/AVI/DIVX/WMV/RM to DVD, Easy Avi/Divx/Xvid to DVD Burner, Easy MPEG to DVD Burner, Easy WMV/ASF/ASX to DVD Burner, Easy RM RMVB to DVD Burner, Easy CD DVD Copy,
30-04-2017 - 15:59 30-04-2017 - 15:59
CVE-2015-8285 5.0
The webssx.sys driver in QuickHeal 16.00 allows remote attackers to cause a denial of service.
26-04-2017 - 21:59 20-04-2017 - 17:59
CVE-2017-7457 1.9
XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure.
21-04-2017 - 14:24 14-04-2017 - 10:59
CVE-2017-0199 9.3
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted do
20-04-2017 - 14:23 12-04-2017 - 10:59
CVE-2017-7455 5.0
Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control.
20-04-2017 - 14:08 14-04-2017 - 10:59
CVE-2017-7456 5.0
Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials.
20-04-2017 - 14:08 14-04-2017 - 10:59
CVE-2017-0202 7.6
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, a.k.a. "
20-04-2017 - 13:47 12-04-2017 - 10:59
CVE-2017-0211 4.3
An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka "Windows OLE
20-04-2017 - 12:58 12-04-2017 - 10:59
CVE-2017-3006 9.0
Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications.
19-04-2017 - 19:33 12-04-2017 - 10:59
CVE-2017-0167 2.1
An information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulne
18-04-2017 - 13:15 12-04-2017 - 10:59
CVE-2017-0160 7.2
Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."
18-04-2017 - 10:07 12-04-2017 - 10:59
CVE-2017-0058 1.9
A Win32k information disclosure vulnerability exists in Microsoft Windows when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the us
18-04-2017 - 10:02 12-04-2017 - 10:59
CVE-2017-0165 7.2
An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Windows Elevation of Privilege Vu
17-04-2017 - 15:12 12-04-2017 - 10:59
CVE-2017-7237 7.5
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP po
12-04-2017 - 15:27 06-04-2017 - 11:59
CVE-2016-8769 7.2
Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obta
10-04-2017 - 21:06 02-04-2017 - 16:59
CVE-2017-0037 7.6
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via ve
03-04-2017 - 21:59 26-02-2017 - 18:59
CVE-2017-7310 6.8
A buffer overflow vulnerability in Import Command in Sync Breeze Enterprise Client 9.5.16, Disk Sorter Enterprise Client 9.5.12, and DiskBoss Enterprise Client 7.8.16 allows attackers to execute arbitrary code via a crafted XML file containing a long
03-04-2017 - 09:43 29-03-2017 - 17:59
CVE-2017-7269 10.0
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://
01-04-2017 - 21:59 26-03-2017 - 22:59
CVE-2017-0100 4.4
A DCOM object in Helppane.exe in Microsoft Windows 7 SP1; Windows Server 2008 R2; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows local users to gain privileges via a craft
31-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-7183 5.0
The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message.
31-03-2017 - 07:51 27-03-2017 - 13:59
CVE-2017-7230 7.5
A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and earlier allows remote attackers to execute arbitrary code via a GET request.
30-03-2017 - 21:59 22-03-2017 - 14:59
CVE-2017-0038 4.3
gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers
27-03-2017 - 21:59 20-02-2017 - 11:59
CVE-2017-0072 9.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is diffe
27-03-2017 - 10:31 16-03-2017 - 20:59
CVE-2017-6178 4.6
The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference.
24-03-2017 - 21:59 20-03-2017 - 12:59
CVE-2017-0045 4.3
Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise a target system, aka "Windows DVD Maker Cross-Site
24-03-2017 - 07:01 16-03-2017 - 20:59
CVE-2017-0063 4.3
The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows
24-03-2017 - 06:55 16-03-2017 - 20:59
CVE-2016-0049 2.1
Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate password changes, which allows remote attackers to bypas
23-03-2017 - 21:59 10-02-2016 - 06:59
CVE-2017-0118 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sens
23-03-2017 - 12:54 16-03-2017 - 20:59
CVE-2017-0121 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sens
23-03-2017 - 12:40 16-03-2017 - 20:59
CVE-2017-0084 9.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arb
23-03-2017 - 12:37 16-03-2017 - 20:59
CVE-2017-6805 5.0
Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command.
23-03-2017 - 11:08 20-03-2017 - 12:59
CVE-2017-5496 5.0
Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of a password hash.
21-03-2017 - 14:43 15-03-2017 - 11:59
CVE-2017-0108 9.3
The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allo
21-03-2017 - 13:55 16-03-2017 - 20:59
CVE-2017-0061 2.6
The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a
21-03-2017 - 13:44 16-03-2017 - 20:59
CVE-2017-6880 7.5
Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command.
21-03-2017 - 12:54 17-03-2017 - 13:59
CVE-2017-0062 1.9
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain
21-03-2017 - 11:32 16-03-2017 - 20:59
CVE-2017-0060 1.9
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain
21-03-2017 - 11:32 16-03-2017 - 20:59
CVE-2017-5359 5.0
EasyCom SQL iPlug allows remote attackers to cause a denial of service via the D$EVAL parameter to the default URI.
21-03-2017 - 11:18 15-03-2017 - 11:59
CVE-2017-5358 7.5
Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allows remote attackers to execute arbitrary code via the server argument to the (1) i5_connect, (2) i5_pconnect, or (3) i5_private_connect API function.
21-03-2017 - 11:17 15-03-2017 - 11:59
CVE-2017-0103 4.4
The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 mishandles registry objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Regis
20-03-2017 - 14:54 16-03-2017 - 20:59
CVE-2017-0147 4.3
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to
20-03-2017 - 10:34 16-03-2017 - 20:59
CVE-2017-0070 7.6
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitra
20-03-2017 - 09:21 16-03-2017 - 20:59
CVE-2017-0148 9.3
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0146 9.3
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0145 9.3
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0144 9.3
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0143 9.3
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0128 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0127 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0126 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0125 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0124 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0123 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0122 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0120 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Uniscribe Information Disclosure Vulnerab
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0119 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0117 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0116 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0115 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0114 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0113 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0112 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0111 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0092 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0091 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0090 9.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is diffe
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0089 9.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is diffe
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0088 9.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0087 9.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is diffe
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0086 9.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is diffe
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0085 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0083 9.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is diffe
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0059 4.3
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those descr
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-6367 5.0
In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header.
16-03-2017 - 21:59 14-03-2017 - 05:59
CVE-2017-3813 7.2
A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability
15-03-2017 - 21:59 09-02-2017 - 12:59
CVE-2017-6506 7.5
In Azure Data Expert Ultimate 2.2.16, the SMTP verification function suffers from a buffer overflow vulnerability, leading to remote code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string.
14-03-2017 - 21:59 10-03-2017 - 05:59
CVE-2017-6465 7.5
Remote Code Execution was discovered in FTPShell Client 6.53. By default, the client sends a PWD command to the FTP server it is connecting to; however, it doesn't check the response's length, leading to a buffer overflow situation.
14-03-2017 - 15:31 09-03-2017 - 20:59
CVE-2016-7255 7.2
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gai
13-03-2017 - 21:59 10-11-2016 - 02:00
CVE-2014-4113 7.2
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users
13-03-2017 - 21:59 15-10-2014 - 06:55
CVE-2017-6416 7.5
An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arbitrary code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string.
07-03-2017 - 21:59 05-03-2017 - 21:59
CVE-2016-8377 6.0
An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vulnerability exists when the software application connects to a malicious server, resulting in a stack buffer overflow. This causes
03-03-2017 - 10:52 13-02-2017 - 16:59
CVE-2017-6187 7.5
Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers to execute arbitrary code via a long URI in a GET request.
01-03-2017 - 21:59 22-02-2017 - 18:59
CVE-2016-10079 5.0
SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515.
27-02-2017 - 21:37 01-02-2017 - 14:59
CVE-2016-0189 7.6
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site
23-02-2017 - 21:59 10-05-2016 - 21:59
CVE-2015-5696 5.0
Dell Netvault Backup before 10.0.5 allows remote attackers to cause a denial of service (crash) via a crafted request.
23-02-2017 - 21:59 14-08-2015 - 14:59
CVE-2017-0313 7.2
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside o
23-02-2017 - 14:26 15-02-2017 - 18:59
CVE-2017-0312 7.2
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user provided input is used as the limit for a loop may lead to denial of service or potenti
23-02-2017 - 14:26 15-02-2017 - 18:59
CVE-2017-5881 6.8
GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file.
23-02-2017 - 10:59 21-02-2017 - 02:59
CVE-2008-6996 5.0
Google Chrome BETA (0.2.149.27) does not prompt the user before saving an executable file, which makes it easier for remote attackers or malware to cause a denial of service (disk consumption) or exploit other vulnerabilities via a URL that reference
19-02-2017 - 00:25 19-08-2009 - 01:24
CVE-2008-4049 6.8
A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary programs via arguments to the RunApp method.
19-02-2017 - 00:23 11-09-2008 - 17:06
CVE-2008-4048 6.8
Heap-based buffer overflow in a certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary code via a long third argument to the CreateURLShortcut method.
19-02-2017 - 00:23 11-09-2008 - 17:06
CVE-2008-2286 7.5
SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet.
19-02-2017 - 00:22 18-05-2008 - 10:20
CVE-2008-1855 5.0
FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 Patch 3 and earlier, as used by ePolicy Orchestrator (ePO) and ProtectionPilot (PrP), allows remote attackers to corrupt memory and cause a denial of service (CMA Framework servic
19-02-2017 - 00:22 16-04-2008 - 15:05
CVE-2008-1309 9.3
The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1
19-02-2017 - 00:21 12-03-2008 - 13:44
CVE-2006-6917 10.0
Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not prop
19-02-2017 - 00:15 31-12-2006 - 00:00
CVE-2006-5112 7.5
Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request.
19-02-2017 - 00:14 03-10-2006 - 00:03
CVE-2016-9332 7.8
An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values and cause the program to crash or excessive consumption of resources could res
17-02-2017 - 09:47 13-02-2017 - 16:59
CVE-2015-8635 9.3
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 28-12-2015 - 18:59
CVE-2015-8431 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8430 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8429 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8428 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8427 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8425 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8424 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8423 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8422 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8421 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8420 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-5568 10.0
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to caus
16-02-2017 - 21:59 22-09-2015 - 06:59
CVE-2015-5133 10.0
Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arb
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5132 10.0
Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arb
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5131 10.0
Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arb
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5130 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5127 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2016-7288 7.6
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than C
10-02-2017 - 21:59 20-12-2016 - 01:59
CVE-2017-5329 4.6
Palo Alto Networks Terminal Services Agent before 7.0.7 allows local users to gain privileges via vectors that trigger an out-of-bounds write operation.
07-02-2017 - 17:42 27-01-2017 - 17:59
CVE-2016-1013 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerab
01-02-2017 - 21:59 08-04-2016 - 21:59
CVE-2016-1011 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerab
01-02-2017 - 21:59 08-04-2016 - 21:59
CVE-2016-5237 1.9
Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file.
25-01-2017 - 15:23 23-01-2017 - 16:59
CVE-2016-5725 4.3
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
20-01-2017 - 12:23 19-01-2017 - 17:59
CVE-2016-8811 7.2
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x7000170 where the size of an
19-01-2017 - 21:59 08-11-2016 - 15:59
CVE-2016-8810 7.2
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x100009a where a value passed
19-01-2017 - 21:59 08-11-2016 - 15:59
CVE-2016-8809 7.2
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70001b2 where the size of an
19-01-2017 - 21:59 08-11-2016 - 15:59
CVE-2016-8808 7.2
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000d5 where a value passed
19-01-2017 - 21:59 08-11-2016 - 15:59
CVE-2016-8807 7.2
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x10000e9 where a value is pass
19-01-2017 - 21:59 08-11-2016 - 15:59
CVE-2016-8806 7.2
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x5000027 where a pointer passe
19-01-2017 - 21:59 08-11-2016 - 15:59
CVE-2016-8805 7.2
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x7000014 where a value passed
19-01-2017 - 21:59 08-11-2016 - 15:59
CVE-2016-7391 7.2
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x100010b where a missing array
19-01-2017 - 21:59 08-11-2016 - 15:59
CVE-2016-7390 7.2
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x7000194 where a value passed
19-01-2017 - 21:59 08-11-2016 - 15:59
CVE-2016-7387 7.2
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000D where a value passed
19-01-2017 - 21:59 08-11-2016 - 15:59
CVE-2016-7386 2.1
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000D4 which may lead to lea
19-01-2017 - 21:59 08-11-2016 - 15:59
CVE-2016-7385 7.2
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x700010d where a value passed
19-01-2017 - 21:59 08-11-2016 - 15:59
CVE-2016-7384 7.2
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) where unchecked input/output lengths in UVMLiteController D
19-01-2017 - 21:59 08-11-2016 - 15:59
CVE-2016-7201 7.6
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vu
19-01-2017 - 21:59 10-11-2016 - 01:59
CVE-2016-7200 7.6
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vu
19-01-2017 - 21:59 10-11-2016 - 01:59
CVE-2014-8440 10.0
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attacker
06-01-2017 - 22:00 11-11-2014 - 18:55
CVE-2014-6332 9.3
OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute ar
06-01-2017 - 22:00 11-11-2014 - 17:55
CVE-2014-4971 7.2
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the M
06-01-2017 - 22:00 26-07-2014 - 11:55
CVE-2014-3434 6.9
Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL
06-01-2017 - 21:59 06-08-2014 - 15:55
CVE-2014-2623 10.0
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.
06-01-2017 - 21:59 17-07-2014 - 20:55
CVE-2014-2477 3.6
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core, a diffe
06-01-2017 - 21:59 17-07-2014 - 01:10
CVE-2014-0556 10.0
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR S
06-01-2017 - 21:59 09-09-2014 - 21:55
CVE-2014-0497 10.0
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
06-01-2017 - 21:59 05-02-2014 - 00:15
CVE-2014-0282 9.3
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
06-01-2017 - 21:59 11-06-2014 - 00:56
CVE-2014-0257 9.3
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted
06-01-2017 - 21:59 11-02-2014 - 23:50
CVE-2013-5045 6.2
Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerabi
06-01-2017 - 21:59 10-12-2013 - 19:55
CVE-2015-3073 10.0
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061,
05-01-2017 - 15:06 13-05-2015 - 07:00
CVE-2016-1002 10.0
Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow atta
03-01-2017 - 21:59 12-03-2016 - 10:59
CVE-2015-2572 4.6
Unspecified vulnerability in the Oracle Hyperion Smart View for Office component in Oracle Hyperion 11.1.2.5.216 and earlier, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors relat
03-01-2017 - 13:40 16-04-2015 - 13:00
CVE-2016-7084 6.9
tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execute arbitrary code on the host OS or cause a denial
03-01-2017 - 13:20 29-12-2016 - 04:59
CVE-2016-7083 5.9
VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (hos
03-01-2017 - 13:02 29-12-2016 - 04:59
CVE-2015-3632 4.3
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file.
02-01-2017 - 22:00 01-05-2015 - 11:59
CVE-2015-3093 10.0
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow atta
02-01-2017 - 22:00 13-05-2015 - 07:00
CVE-2015-3089 10.0
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow atta
02-01-2017 - 21:59 13-05-2015 - 07:00
CVE-2015-3088 10.0
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compile
02-01-2017 - 21:59 13-05-2015 - 07:00
CVE-2015-3087 10.0
Integer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 1
02-01-2017 - 21:59 13-05-2015 - 07:00
CVE-2015-3083 6.4
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remo
02-01-2017 - 21:59 13-05-2015 - 07:00
CVE-2015-3082 6.4
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remo
02-01-2017 - 21:59 13-05-2015 - 07:00
CVE-2015-3081 4.3
Race condition in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.
02-01-2017 - 21:59 13-05-2015 - 07:00
CVE-2015-3080 10.0
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compi
02-01-2017 - 21:59 13-05-2015 - 07:00
CVE-2015-2281 7.5
Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attackers to execute arbitrary code via a large PROCESS_HELLO message to the Message Dispatcher on TCP port 8000.
02-01-2017 - 21:59 19-03-2015 - 10:59
CVE-2015-1701 7.2
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vul
02-01-2017 - 21:59 21-04-2015 - 06:59
CVE-2015-1674 1.9
The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the KASLR protection mechanism, and consequently discov
02-01-2017 - 21:59 13-05-2015 - 06:59
CVE-2015-1635 10.0
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerabilit
02-01-2017 - 21:59 14-04-2015 - 16:59
CVE-2015-0313 10.0
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited
02-01-2017 - 21:59 02-02-2015 - 14:59
CVE-2015-0016 9.3
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remot
02-01-2017 - 21:59 13-01-2015 - 17:59
CVE-2014-7288 9.0
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action.
02-01-2017 - 21:59 31-01-2015 - 21:59
CVE-2016-10031 6.9
** DISPUTED ** WampServer 3.0.6 installs two services called 'wampapache' and 'wampmysqld' with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code
30-12-2016 - 21:59 27-12-2016 - 02:59
CVE-2015-3106 10.0
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe
30-12-2016 - 21:59 09-06-2015 - 21:59
CVE-2015-1730 9.3
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
30-12-2016 - 21:59 09-06-2015 - 21:59
CVE-2015-0336 9.3
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than
30-12-2016 - 21:59 13-03-2015 - 13:59
CVE-2015-0050 9.3
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE
30-12-2016 - 21:59 10-02-2015 - 22:00
CVE-2015-0040 9.3
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015
30-12-2016 - 21:59 10-02-2015 - 22:00
CVE-2014-4138 9.3
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014
30-12-2016 - 21:59 15-10-2014 - 06:55
CVE-2014-1785 9.3
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014
30-12-2016 - 21:59 11-06-2014 - 00:56
CVE-2013-7409 7.5
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.
30-12-2016 - 21:59 30-10-2014 - 11:55
CVE-2013-7280 4.3
Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier allows remote attackers to cause a denial of service (crash) via a long string in a .m3u file.
30-12-2016 - 21:59 08-01-2014 - 10:30
CVE-2013-7260 7.5
Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML
30-12-2016 - 21:59 03-01-2014 - 15:55
CVE-2013-4988 9.3
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details are obtained from third party information.
30-12-2016 - 21:59 13-12-2013 - 13:07
CVE-2013-4730 10.0
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
30-12-2016 - 21:59 15-05-2014 - 10:55
CVE-2013-3143 9.3
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
30-12-2016 - 21:59 09-07-2013 - 23:46
CVE-2013-3120 9.3
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013
30-12-2016 - 21:59 11-06-2013 - 23:30
CVE-2013-3111 9.3
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
30-12-2016 - 21:59 11-06-2013 - 23:29
CVE-2013-1309 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a differ
30-12-2016 - 21:59 14-05-2013 - 23:36
CVE-2013-1306 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnera
30-12-2016 - 21:59 14-05-2013 - 23:36
CVE-2013-0090 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability."
30-12-2016 - 21:59 12-03-2013 - 20:55
CVE-2013-0019 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer COmWindowProxy Use After Free Vulnerabi
30-12-2016 - 21:59 13-02-2013 - 07:04
CVE-2008-5753 9.3
Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a long host name, which appears as a host parameter within the quick-connect bar.
30-12-2016 - 21:59 30-12-2008 - 12:30
CVE-2016-0199 9.3
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
29-12-2016 - 09:42 15-06-2016 - 21:59
CVE-2016-0063 9.3
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
29-12-2016 - 09:42 10-02-2016 - 06:59
CVE-2015-6168 9.3
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6153.
29-12-2016 - 08:19 09-12-2015 - 06:59
CVE-2016-7287 7.6
The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability
27-12-2016 - 21:59 20-12-2016 - 01:59
CVE-2016-7286 7.6
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than C
27-12-2016 - 21:59 20-12-2016 - 01:59
CVE-2015-5122 10.0
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and
27-12-2016 - 21:59 14-07-2015 - 06:59
CVE-2015-3134 10.0
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow atta
27-12-2016 - 21:59 09-07-2015 - 12:59
CVE-2015-3124 10.0
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compi
27-12-2016 - 21:59 09-07-2015 - 12:59
CVE-2015-3118 10.0
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compi
27-12-2016 - 21:59 09-07-2015 - 12:59
CVE-2016-3247 5.1
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
23-12-2016 - 21:59 14-09-2016 - 06:59
CVE-2016-3222 9.3
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."
23-12-2016 - 21:59 15-06-2016 - 21:59
CVE-2015-4878 1.5
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CV
23-12-2016 - 21:59 21-10-2015 - 19:59
CVE-2015-4877 1.5
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CV
23-12-2016 - 21:59 21-10-2015 - 19:59
CVE-2015-4481 3.3
Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log fi
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2016-7241 7.6
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
23-12-2016 - 16:00 10-11-2016 - 01:59
CVE-2016-7202 7.6
The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vul
23-12-2016 - 15:59 10-11-2016 - 01:59
CVE-2016-7866 10.0
Adobe Animate versions 15.2.1.95 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
21-12-2016 - 22:00 15-12-2016 - 01:59
CVE-2016-7274 9.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arb
21-12-2016 - 22:00 20-12-2016 - 01:59
CVE-2015-6923 7.2
The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call.
21-12-2016 - 22:00 21-09-2015 - 15:59
CVE-2015-2528 7.2
Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Task Manage
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2527 7.2
The process-initialization implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 does not properly constrain impersonation levels, which a
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2525 7.2
Task Scheduler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass intended filesystem restri
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2524 7.2
Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Task Manage
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2523 9.3
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft O
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2521 9.3
Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2520 9.3
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerabili
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2510 9.3
Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Live Meeting 2007 Console allows remot
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2509 9.3
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Media Center link (mcl) file, aka "Windows Media Center RCE Vulnerability."
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2508 7.2
The Adobe Type Manager Library in Microsoft Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability."
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-6305 7.2
Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current w
12-12-2016 - 14:01 25-09-2015 - 21:59
CVE-2015-2554 7.2
The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Object Reference Elevation of Privilege Vulnerabili
12-12-2016 - 13:25 13-10-2015 - 21:59
CVE-2015-2553 7.2
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles junctions during mountpoint creation, which make
12-12-2016 - 13:24 13-10-2015 - 21:59
CVE-2015-2482 9.3
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted
12-12-2016 - 13:20 13-10-2015 - 21:59
CVE-2014-6363 9.3
vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScri
09-12-2016 - 13:20 10-12-2014 - 19:59
CVE-2015-7622 10.0
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbit
07-12-2016 - 22:14 14-10-2015 - 19:59
CVE-2015-7387 7.5
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do,
07-12-2016 - 22:13 28-09-2015 - 11:59
CVE-2013-6935 9.3
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file.
07-12-2016 - 22:04 04-12-2013 - 13:56
CVE-2010-5301 7.5
Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a HEAD request.
07-12-2016 - 22:01 13-06-2014 - 10:55
CVE-2010-2343 9.3
Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007, and 8.05 allows remote attackers to execute arbitrary code via a crafted pls playlist file.
07-12-2016 - 22:01 21-06-2010 - 11:30
CVE-2016-9796 10.0
Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow)
07-12-2016 - 13:33 03-12-2016 - 01:59
CVE-2016-0016 6.9
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain pri
07-12-2016 - 13:30 13-01-2016 - 00:59
CVE-2016-0015 9.3
DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file,
07-12-2016 - 13:30 13-01-2016 - 00:59
CVE-2016-0007 6.9
The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, wh
07-12-2016 - 13:30 13-01-2016 - 00:59
CVE-2016-0006 6.9
The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, wh
07-12-2016 - 13:30 13-01-2016 - 00:59
CVE-2015-8412 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
07-12-2016 - 13:27 10-12-2015 - 00:59
CVE-2015-8411 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
07-12-2016 - 13:27 10-12-2015 - 00:59
CVE-2015-8410 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
07-12-2016 - 13:27 10-12-2015 - 00:59
CVE-2015-8046 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19
07-12-2016 - 13:26 11-11-2015 - 08:00
CVE-2015-7865 7.7
nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to the stereosvrpipe named pipe, which allows local us
07-12-2016 - 13:25 24-11-2015 - 15:59
CVE-2015-7652 9.3
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19
07-12-2016 - 13:24 11-11-2015 - 07:59
CVE-2015-6131 9.3
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted .mcl file, aka "Media Center Library Parsing RCE Vulnerability."
07-12-2016 - 13:18 09-12-2015 - 06:59
CVE-2015-6127 4.3
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers to read arbitrary files via a crafted .mcl file, aka "Windows Media Center Information Disclosure Vulnerability."
07-12-2016 - 13:18 09-12-2015 - 06:59
CVE-2015-6104 9.3
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers t
07-12-2016 - 13:18 11-11-2015 - 07:59
CVE-2015-6103 9.3
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers t
07-12-2016 - 13:18 11-11-2015 - 07:59
CVE-2015-6102 2.1
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protec
07-12-2016 - 13:18 11-11-2015 - 07:59
CVE-2015-6101 7.2
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a c
07-12-2016 - 13:18 11-11-2015 - 07:59
CVE-2015-6100 7.2
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a c
07-12-2016 - 13:18 11-11-2015 - 07:59
CVE-2015-6098 7.2
Buffer overflow in the Network Driver Interface Standard (NDIS) implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows NDIS El
07-12-2016 - 13:18 11-11-2015 - 07:59
CVE-2015-6086 4.3
Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
07-12-2016 - 13:18 11-11-2015 - 07:59
CVE-2014-6287 7.5
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
06-12-2016 - 22:00 07-10-2014 - 06:55
CVE-2010-4417 7.5
Unspecified vulnerability in the Services for Beehive component in Oracle Fusion Middleware 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, and 2.0.1.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: t
06-12-2016 - 21:59 19-01-2011 - 11:00
CVE-2016-1525 7.8
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.
05-12-2016 - 22:07 12-02-2016 - 21:59
CVE-2016-0051 7.2
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted applic
05-12-2016 - 22:04 10-02-2016 - 06:59
CVE-2014-7872 7.2
Comodo GeekBuddy before 4.18.121 does not restrict access to the VNC server, which allows local users to gain privileges by connecting to the server.
05-12-2016 - 21:59 09-06-2015 - 10:59
CVE-2016-4004 4.0
Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile.
02-12-2016 - 22:27 12-04-2016 - 13:59
CVE-2016-2004 9.3
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE
02-12-2016 - 22:24 21-04-2016 - 07:00
CVE-2016-1960 6.8
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging
02-12-2016 - 22:23 13-03-2016 - 14:59
CVE-2016-1001 10.0
Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compile
02-12-2016 - 22:19 12-03-2016 - 10:59
CVE-2016-1000 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compi
02-12-2016 - 22:19 12-03-2016 - 10:59
CVE-2016-0999 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compi
02-12-2016 - 22:19 12-03-2016 - 10:59
CVE-2016-0998 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compi
02-12-2016 - 22:19 12-03-2016 - 10:59
CVE-2016-0997 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compi
02-12-2016 - 22:19 12-03-2016 - 10:59
CVE-2016-0954 10.0
Adobe Digital Editions before 4.5.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
02-12-2016 - 22:18 09-03-2016 - 06:59
CVE-2016-0953 10.0
Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-20
02-12-2016 - 22:18 10-02-2016 - 15:59
CVE-2016-0952 10.0
Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-20
02-12-2016 - 22:18 10-02-2016 - 15:59
CVE-2016-0951 10.0
Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-20
02-12-2016 - 22:18 10-02-2016 - 15:59
CVE-2016-0854 10.0
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified v
02-12-2016 - 22:18 14-01-2016 - 22:59
CVE-2016-0145 9.3
The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007 SP3 and 2010 SP2; Word Viewer; .NET Framework 3.0
02-12-2016 - 22:15 12-04-2016 - 19:59
CVE-2016-0122 9.3
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft
02-12-2016 - 22:15 12-04-2016 - 19:59
CVE-2016-0121 9.3
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary
02-12-2016 - 22:15 09-03-2016 - 06:59
CVE-2016-0120 7.1
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to cause a denial of
02-12-2016 - 22:15 09-03-2016 - 06:59
CVE-2016-0111 7.6
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different
02-12-2016 - 22:15 09-03-2016 - 06:59
CVE-2016-0108 7.6
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016
02-12-2016 - 22:15 09-03-2016 - 06:59
CVE-2016-0099 7.2
The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which
02-12-2016 - 22:15 09-03-2016 - 06:59
CVE-2016-0094 7.2
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted a
02-12-2016 - 22:15 09-03-2016 - 06:59
CVE-2016-0093 7.2
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted a
02-12-2016 - 22:15 09-03-2016 - 06:59
CVE-2015-2790 4.3
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image.
02-12-2016 - 22:06 30-03-2015 - 10:59
CVE-2015-2789 4.4
Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.
02-12-2016 - 22:06 30-03-2015 - 10:59
CVE-2015-2169 4.3
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which is not properly handled when the machine is scanned
02-12-2016 - 22:04 24-06-2015 - 10:59
CVE-2011-4722 7.8
Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation.
02-12-2016 - 21:59 27-12-2014 - 21:59
CVE-2016-4534 3.0
The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry hand
30-11-2016 - 22:10 05-05-2016 - 14:59
CVE-2016-0185 9.3
Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted Media Center link (aka .mcl) file, aka "Windows Media Center Remote Code Execution Vulnerability."
30-11-2016 - 22:02 10-05-2016 - 21:59
CVE-2016-0173 7.2
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted a
30-11-2016 - 22:02 10-05-2016 - 21:59
CVE-2016-3223 9.3
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle LDAP authentication, which allows man-in-the-middle attackers to gain
29-11-2016 - 22:05 15-06-2016 - 21:59
CVE-2016-3220 6.9
atmfd.dll in the Adobe Type Manager Font Driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain p
29-11-2016 - 22:05 15-06-2016 - 21:59
CVE-2016-3216 4.3
GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to bypass the AS
29-11-2016 - 22:05 15-06-2016 - 21:59
CVE-2016-0171 7.2
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted a
29-11-2016 - 22:02 10-05-2016 - 21:59
CVE-2015-2097 7.5
Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, (3) Cha
29-11-2016 - 22:01 09-03-2015 - 10:59
CVE-2015-2094 7.5
Stack-based buffer overflow in the WESPPlayback.WESPPlaybackCtrl.1 control in WebGate WinRDS allows remote attackers to execute arbitrary code via unspecified vectors to the (1) PrintSiteImage, (2) PlaySiteAllChannel, (3) StopSiteAllChannel, or (4) S
29-11-2016 - 22:01 09-03-2015 - 10:59
CVE-2009-1330 9.3
Stack-based buffer overflow in Easy RM to MP3 Converter allows remote attackers to execute arbitrary code via a long filename in a playlist (.pls) file.
29-11-2016 - 21:59 17-04-2009 - 10:08
CVE-2016-9018 4.3
Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file.
29-11-2016 - 14:20 28-10-2016 - 11:59
CVE-2016-8812 7.2
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys) allowing a user to cause a stack buffer overflow w
29-11-2016 - 14:18 08-11-2016 - 15:59
CVE-2016-7851 4.3
Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks.
28-11-2016 - 15:39 08-11-2016 - 12:59
CVE-2016-7240 7.6
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vu
28-11-2016 - 15:38 10-11-2016 - 01:59
CVE-2016-7237 6.8
Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 20
28-11-2016 - 15:38 10-11-2016 - 01:59
CVE-2016-7226 3.6
Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerabilit
28-11-2016 - 15:38 10-11-2016 - 01:59
CVE-2016-7225 3.6
Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerabilit
28-11-2016 - 15:38 10-11-2016 - 01:59
CVE-2016-7224 3.6
Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a
28-11-2016 - 15:38 10-11-2016 - 01:59
CVE-2016-7216 2.1
The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandles permissions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerabili
28-11-2016 - 15:38 10-11-2016 - 01:59
CVE-2016-7203 7.6
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vu
28-11-2016 - 15:37 10-11-2016 - 01:59
CVE-2016-7188 7.2
The Standard Collector Service in Windows Diagnostics Hub in Microsoft Windows 10 Gold, 1511, and 1607 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Diagnostics Hub Elevation of Privil
28-11-2016 - 15:37 13-10-2016 - 22:59
CVE-2016-7185 7.2
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a cr
28-11-2016 - 15:37 13-10-2016 - 22:59
CVE-2016-5764 6.8
Micro Focus Rumba FTP 4.X client buffer overflow makes it possible to corrupt the stack and allow arbitrary code execution. Fixed in: Rumba FTP 4.5 (HF 14668). This can only occur if a client connects to a malicious server.
28-11-2016 - 15:29 27-10-2016 - 16:59
CVE-2016-3388 2.6
Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a
28-11-2016 - 15:09 13-10-2016 - 22:59
CVE-2016-3387 6.8
Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a
28-11-2016 - 15:09 13-10-2016 - 22:59
CVE-2016-3373 4.3
The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 does not properly implement registry access control, w
28-11-2016 - 15:09 14-09-2016 - 06:59
CVE-2016-3371 4.3
The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 does not properly enforce permissions, which allows lo
28-11-2016 - 15:08 14-09-2016 - 06:59
CVE-2016-3357 9.3
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, SharePoint Server 2013 SP1, Excel Automation Serv
28-11-2016 - 15:08 14-09-2016 - 06:59
CVE-2016-3325 2.6
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
28-11-2016 - 15:08 14-09-2016 - 06:59
CVE-2016-3324 6.8
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
28-11-2016 - 15:08 14-09-2016 - 06:59
CVE-2016-3313 9.3
Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Memory Corruption Vulnerability."
28-11-2016 - 15:08 09-08-2016 - 17:59
CVE-2016-3304 9.3
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Co
28-11-2016 - 15:07 09-08-2016 - 17:59
CVE-2016-3303 9.3
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Co
28-11-2016 - 15:07 09-08-2016 - 17:59
CVE-2016-3301 9.3
The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer;
28-11-2016 - 15:07 09-08-2016 - 17:59
CVE-2016-3288 7.6
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3290.
28-11-2016 - 15:07 09-08-2016 - 17:59
CVE-2016-3237 6.9
Kerberos in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows man-in-the-middle attackers to bypass authentication
28-11-2016 - 15:06 09-08-2016 - 17:59
CVE-2016-1464 9.3
Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375.
28-11-2016 - 14:59 03-09-2016 - 16:59
CVE-2016-1415 4.3
Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455.
28-11-2016 - 14:59 03-09-2016 - 16:59
CVE-2016-0079 2.1
The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerabi
28-11-2016 - 14:51 13-10-2016 - 22:59
CVE-2016-0075 2.1
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the re
28-11-2016 - 14:51 13-10-2016 - 22:59
CVE-2016-0073 2.1
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the re
28-11-2016 - 14:51 13-10-2016 - 22:59
CVE-2015-7450 10.0
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerT
28-11-2016 - 14:43 02-01-2016 - 16:59
CVE-2015-6128 7.2
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability."
28-11-2016 - 14:38 09-12-2015 - 06:59
CVE-2015-2464 9.3
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee,
28-11-2016 - 14:20 14-08-2015 - 20:59
CVE-2015-2463 9.3
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee,
28-11-2016 - 14:20 14-08-2015 - 20:59
CVE-2015-2462 9.3
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, and .NET Framework 3.
28-11-2016 - 14:20 14-08-2015 - 20:59
CVE-2015-2461 9.3
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote atta
28-11-2016 - 14:20 14-08-2015 - 20:59
CVE-2015-2456 9.3
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 201
28-11-2016 - 14:19 14-08-2015 - 20:59
CVE-2015-2455 9.3
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 201
28-11-2016 - 14:19 14-08-2015 - 20:59
CVE-2015-2444 9.3
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2442.
28-11-2016 - 14:19 14-08-2015 - 06:59
CVE-2014-4076 7.2
Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability."
28-11-2016 - 14:12 11-11-2014 - 17:55
CVE-2013-0008 7.2
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows loc
28-11-2016 - 14:08 09-01-2013 - 13:09
CVE-2008-1087 9.3
Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflo
08-11-2016 - 13:13 08-04-2008 - 19:05
CVE-2008-3008 9.3
Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Me
08-11-2016 - 13:02 10-09-2008 - 21:11
CVE-2008-1083 9.3
Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a mal
08-11-2016 - 11:27 08-04-2008 - 19:05
CVE-2008-4510 4.9
Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier allows local users to cause a denial of service (page fault and system crash) via multiple attempts to access a virtual address in a PAGE_NOACCESS memory page.
07-11-2016 - 17:16 09-10-2008 - 14:00
CVE-2013-3906 9.3
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafte
01-11-2016 - 13:45 06-11-2013 - 10:55
CVE-2013-1347 9.3
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
19-10-2016 - 13:55 05-05-2013 - 07:07
CVE-2006-5826 5.8
Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via crafted APPE commands that contain "/" (slash) or "\" (backslash) ch
17-10-2016 - 23:41 09-11-2006 - 20:07
CVE-2006-4455 5.0
** DISPUTED ** Unspecified vulnerability in Xchat 2.6.7 and earlier allows remote attackers to cause a denial of service (crash) via unspecified vectors involving the PRIVMSG command. NOTE: the vendor has disputed this vulnerability, stating that i
17-10-2016 - 23:40 30-08-2006 - 12:04
CVE-2006-3086 9.3
Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as
17-10-2016 - 23:40 19-06-2006 - 15:02
CVE-2005-2428 5.0
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password ha
17-10-2016 - 23:27 03-08-2005 - 00:00
CVE-2005-0575 7.5
Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request.
17-10-2016 - 23:12 02-05-2005 - 00:00
CVE-2004-0733 7.5
Format string vulnerability in OllyDbg 1.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are directly provided to the OutputDebugString function call.
17-10-2016 - 22:48 27-07-2004 - 00:00
CVE-2001-0198 7.6
Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag.
17-10-2016 - 22:10 03-05-2001 - 00:00
CVE-2013-2347 10.0
The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port 5555, aka ZDI-CAN-1885.
21-09-2016 - 09:46 03-01-2014 - 23:51
CVE-2014-0307 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a certain sequence of manipulations of a TextRange element, aka "Internet Explorer Me
09-09-2016 - 14:58 12-03-2014 - 01:15
CVE-2014-0322 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the
02-09-2016 - 21:34 14-02-2014 - 11:55
CVE-2012-6303 6.8
Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large c
02-09-2016 - 16:37 28-10-2013 - 18:55
CVE-2015-0179 7.2
Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V.
24-08-2016 - 15:24 05-04-2015 - 20:59
CVE-2016-0151 7.2
The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka
03-08-2016 - 23:35 12-04-2016 - 19:59
CVE-2011-4620 9.3
Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB 1.8.5, as used in TORCS 1.3.1 and other products, allows user-assisted remote attackers to execute arbitrary code via vectors involving a long error message, as demonstrated by a
02-08-2016 - 09:35 30-12-2011 - 20:55
CVE-2016-5228 10.0
Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argum
08-07-2016 - 08:59 02-07-2016 - 21:59
CVE-2013-0946 9.3
Buffer overflow in the Library Control Program (LCP) in EMC AlphaStor 4.0 before build 910 allows remote attackers to execute arbitrary code via crafted commands.
29-06-2016 - 09:57 10-05-2013 - 07:42
CVE-2015-7243 7.5
Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted WAV file.
24-06-2016 - 11:54 18-09-2015 - 12:59
CVE-2012-0025 6.8
Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial of service (crash) via a crafted FPX image.
15-06-2016 - 12:31 02-11-2012 - 14:55
CVE-2015-7768 7.5
Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code via a long CWD command.
15-06-2016 - 08:42 09-10-2015 - 10:59
CVE-2011-5165 9.3
Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wav file.
15-06-2016 - 08:26 15-09-2012 - 13:55
CVE-2014-2299 9.3
Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large re
01-06-2016 - 22:25 11-03-2014 - 09:01
CVE-2009-0714 7.2
Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers to cause a de
19-05-2016 - 23:00 14-05-2009 - 13:30
CVE-2016-3943 7.2
Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modif
18-05-2016 - 17:45 18-04-2016 - 11:59
CVE-2016-3984 3.6
The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Pa
18-05-2016 - 17:28 08-04-2016 - 11:59
CVE-2015-7378 7.2
Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe.
18-05-2016 - 17:25 18-04-2016 - 11:59
CVE-2016-4535 7.8
Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted packed executable.
10-05-2016 - 08:35 05-05-2016 - 14:59
CVE-2016-3987 10.0
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.
18-04-2016 - 14:39 11-04-2016 - 22:00
CVE-2016-3986 9.3
Avast allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted PE file, related to authenticode parsing.
18-04-2016 - 11:15 11-04-2016 - 22:00
CVE-2013-6194 10.0
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905.
06-04-2016 - 08:37 03-01-2014 - 23:51
CVE-2016-0793 5.0
Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF direct
04-04-2016 - 13:48 01-04-2016 - 15:59
CVE-2016-2288 7.2
Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file.
04-04-2016 - 11:51 29-03-2016 - 11:59
CVE-2015-2023 7.2
Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors.
07-01-2016 - 15:10 02-01-2016 - 16:59
CVE-2015-4027 7.2
The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a params JSON object to api/addScan.
18-12-2015 - 13:03 17-12-2015 - 14:59
CVE-2015-6132 7.2
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain
09-12-2015 - 12:32 09-12-2015 - 06:59
CVE-2015-6152 9.3
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015
09-12-2015 - 12:03 09-12-2015 - 06:59
CVE-2011-0961 4.3
Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704.
24-11-2015 - 13:08 20-05-2011 - 18:55
CVE-2015-1497 10.0
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465.
19-11-2015 - 12:04 16-02-2015 - 10:59
CVE-2015-0065 9.3
Microsoft Word 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "OneTableDocumentStream Remote Code Execution Vulnerability."
30-10-2015 - 15:27 10-02-2015 - 22:01
CVE-2015-0064 9.3
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial
23-10-2015 - 13:01 10-02-2015 - 22:01
CVE-2015-7602 7.8
Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command.
13-10-2015 - 12:52 29-09-2015 - 15:59
CVE-2013-0928 9.3
The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation.
13-10-2015 - 12:33 21-01-2013 - 16:55
CVE-2015-7767 7.5
Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long USER command.
09-10-2015 - 17:14 09-10-2015 - 10:59
CVE-2014-4141 9.3
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
08-10-2015 - 12:32 15-10-2014 - 06:55
CVE-2014-4114 9.3
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Offic
08-10-2015 - 11:29 15-10-2014 - 06:55
CVE-2014-3888 8.3
Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS
08-10-2015 - 11:15 10-07-2014 - 07:06
CVE-2015-7603 7.8
Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command.
30-09-2015 - 14:26 29-09-2015 - 15:59
CVE-2015-7601 7.8
Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command.
30-09-2015 - 14:26 29-09-2015 - 15:59
CVE-2015-5465 7.2
Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver Manager and VGA Display Manager) 6.14.10.3930 allows local users to gain privileges via a crafted (1) 0x96002400 or (2) 0x96002404 IOCTL call.
17-09-2015 - 14:44 16-09-2015 - 14:59
CVE-2014-9208 10.0
Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors.
14-09-2015 - 14:54 11-09-2015 - 12:59
CVE-2015-0097 9.3
Microsoft Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Excel 2010 SP2, PowerPoint 2010 SP2, and Word 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Word Local Zone Remote Code Execution
11-09-2015 - 11:42 11-03-2015 - 06:59
CVE-2014-4158 7.5
Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a GET request.
02-09-2015 - 13:03 13-06-2014 - 10:55
CVE-2014-3913 10.0
Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file.
31-08-2015 - 14:29 04-06-2014 - 10:55
CVE-2014-3878 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new cont
31-08-2015 - 14:28 05-06-2014 - 13:55
CVE-2015-2470 9.3
Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Integer Underfl
18-08-2015 - 11:11 14-08-2015 - 20:59
CVE-2015-2468 9.3
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Word
18-08-2015 - 10:38 14-08-2015 - 20:59
CVE-2015-2431 9.3
Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office Graphics Library (OGL) font, aka "Microsoft
18-08-2015 - 10:30 14-08-2015 - 20:59
CVE-2015-2460 9.3
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and .NET Framework 3.0 SP2, 3.5,
18-08-2015 - 03:08 14-08-2015 - 20:59
CVE-2015-2459 9.3
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote atta
17-08-2015 - 14:32 14-08-2015 - 20:59
CVE-2015-2469 9.3
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, and Office for Mac 2011 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
17-08-2015 - 13:57 14-08-2015 - 20:59
CVE-2015-2458 9.3
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote atta
17-08-2015 - 13:38 14-08-2015 - 20:59
CVE-2015-2467 9.3
Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
17-08-2015 - 12:53 14-08-2015 - 20:59
CVE-2015-2432 9.3
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to exe
17-08-2015 - 12:33 14-08-2015 - 20:59
CVE-2014-0787 10.0
Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 allows remote attackers to execute arbitrary code via a crafted packet.
13-08-2015 - 13:45 12-04-2014 - 00:37
CVE-2014-0372 5.5
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unkn
07-08-2015 - 13:42 15-01-2014 - 11:08
CVE-2013-6040 9.3
Multiple unspecified vulnerabilities in the MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls allow remote attackers to execute arbitrary code via a crafted HTML document.
07-08-2015 - 13:41 20-01-2014 - 20:55
CVE-2014-3740 3.5
Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page.
31-07-2015 - 21:41 11-09-2014 - 14:55
CVE-2013-5019 10.0
Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request.
30-07-2015 - 10:55 31-07-2013 - 09:20
CVE-2013-5015 6.5
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows r
30-07-2015 - 10:50 14-02-2014 - 08:10
CVE-2014-2314 4.3
Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.
29-07-2015 - 12:21 09-03-2014 - 09:16
CVE-2014-2013 7.5
Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element
29-07-2015 - 12:20 03-03-2014 - 11:55
CVE-2014-1843 5.0
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter
29-07-2015 - 12:19 29-04-2014 - 06:37
CVE-2014-1842 5.0
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value.
29-07-2015 - 12:18 29-04-2014 - 06:37
CVE-2014-1841 5.0
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter.
29-07-2015 - 12:17 29-04-2014 - 06:37
CVE-2013-1493 10.0
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via
29-07-2015 - 12:15 05-03-2013 - 17:06
CVE-2014-0780 7.5
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.
24-07-2015 - 14:35 25-04-2014 - 01:12
CVE-2015-2370 7.2
The authentication implementation in the RPC subsystem in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold
15-07-2015 - 11:24 14-07-2015 - 18:59
CVE-2015-1724 7.2
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gol
10-06-2015 - 11:57 09-06-2015 - 21:59
CVE-2014-9566 7.5
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Net
11-03-2015 - 15:19 10-03-2015 - 10:59
CVE-2015-1515 7.2
The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL
20-02-2015 - 20:23 19-02-2015 - 10:59
CVE-2015-1305 6.9
McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call.
19-02-2015 - 13:57 06-02-2015 - 10:59
CVE-2014-9632 7.2
The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0
17-02-2015 - 10:28 06-02-2015 - 10:59
CVE-2014-9643 7.2
K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x95002570, 0x95002574, 0x95002580, 0x950
09-02-2015 - 11:09 06-02-2015 - 10:59
CVE-2014-9642 7.2
bdagent.sys in BullGuard Antivirus, Internet Security, Premium Protection, and Online Backup before 15.0.288 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x0022405c IOCTL call.
09-02-2015 - 11:09 06-02-2015 - 10:59
CVE-2014-9641 7.2
The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, Internet Security, and Maximum Security allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222400 IOCTL call.
09-02-2015 - 11:02 06-02-2015 - 10:59
CVE-2014-9633 7.5
The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference.
04-02-2015 - 11:39 03-02-2015 - 11:59
CVE-2015-1362 7.5
Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot 4.7.2 allows remote attackers to execute arbitrary code via a long string in the maker element in an XML file.
28-01-2015 - 11:17 27-01-2015 - 15:04
CVE-2014-8386 7.5
Multiple stack-based buffer overflows in Advantech AdamView 4.3 and earlier allow remote attackers to execute arbitrary code via a crafted (1) display properties or (2) conditional bitmap parameter in a GNI file.
21-01-2015 - 12:38 20-01-2015 - 10:59
CVE-2012-0874 6.8
The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentica
17-01-2015 - 21:59 05-02-2013 - 18:55
CVE-2014-10031 7.5
Buffer overflow in the IMAPd service in Qualcomm Eudora WorldMail 9.0.333.0 allows remote attackers to execute arbitrary code via a long string in a UID command.
14-01-2015 - 16:20 13-01-2015 - 10:59
CVE-2014-100015 6.4
Directory traversal vulnerability in pdmwService.exe in SolidWorks Workgroup PDM 2014 allows remote attackers to write to arbitrary files via a .. (dot dot) in the filename in a file upload.
14-01-2015 - 14:47 13-01-2015 - 10:59
CVE-2014-100014 7.5
Multiple stack-based buffer overflows in pdmwService.exe in SolidWorks Workgroup PDM 2014 SP2 allow remote attackers to execute arbitrary code via a long string in a (1) 2001, (2) 2002, or (3) 2003 opcode to port 3000.
14-01-2015 - 14:46 13-01-2015 - 10:59
CVE-2014-9456 10.0
Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have unspecified impact via a long Time attribute in an Event element in an XML file. NOTE: this issue was originally incorrectly mapped to CVE-2014-1004; see CVE-2014-1004 for more infor
10-01-2015 - 21:59 02-01-2015 - 15:59
CVE-2014-9448 7.5
Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long string in a WAX file.
05-01-2015 - 22:03 02-01-2015 - 15:59
CVE-2014-9436 5.0
Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile.
05-01-2015 - 16:12 02-01-2015 - 14:59
CVE-2014-9141 7.2
The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program.
17-12-2014 - 11:17 02-12-2014 - 20:59
CVE-2014-9113 7.2
CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktopService, (3) PFXSYNPFTService, and (4) P2EWinServic
15-12-2014 - 11:27 02-12-2014 - 11:59
CVE-2012-2588 4.3
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4) body in an SMTP e-mail message.
18-11-2014 - 19:53 19-09-2014 - 10:55
CVE-2014-5507 7.2
iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full Control) for ib_service.exe, which allows local users to gain privileges via a Trojan horse file.
04-11-2014 - 17:10 03-11-2014 - 11:55
CVE-2014-5006 7.5
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader.
24-10-2014 - 10:12 21-10-2014 - 11:55
CVE-2014-5005 7.5
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate.
24-10-2014 - 09:16 21-10-2014 - 11:55
CVE-2014-7226 7.5
The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols.
10-10-2014 - 15:59 09-10-2014 - 21:55
CVE-2012-6658 4.3
Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName configuration in snmpd.conf. NOTE: this entry was SPLIT
18-09-2014 - 11:33 17-09-2014 - 11:55
CVE-2012-2956 6.5
SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to api_v2.json. NOTE: this entry was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6658 is f
18-09-2014 - 11:32 17-09-2014 - 11:55
CVE-2014-5453 7.2
Ubisoft Uplay PC before 4.6.1.3217 use weak permissions (Everyone: Full Control) for the program installation directory (%PROGRAMFILES%\Ubisoft Game Launcher), which allows local users to gain privileges via a Trojan horse file.
26-08-2014 - 11:16 25-08-2014 - 12:55
CVE-2014-5349 5.0
Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print JavaScript function.
20-08-2014 - 13:36 19-08-2014 - 15:55
CVE-2014-1204 7.5
SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be exploited by unauthenticated remote attackers if t
11-08-2014 - 13:21 31-01-2014 - 10:07
CVE-2013-7184 4.3
Gretech GOM Media Player 2.2.56.5158 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted AVI file.
11-08-2014 - 12:01 24-01-2014 - 10:08
CVE-2006-6334 6.8
Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of
31-07-2014 - 23:20 07-12-2006 - 20:28
CVE-2014-5116 5.0
The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string.
30-07-2014 - 13:18 29-07-2014 - 10:55
CVE-2014-2424 4.0
Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7.0 allows remote authenticated users to affect integrity via vectors related to CEP system.
24-07-2014 - 00:59 15-04-2014 - 22:55
CVE-2012-4988 9.3
Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file.
09-07-2014 - 14:33 09-07-2014 - 10:55
CVE-2010-5299 6.8
Stack-based buffer overflow in MicroP 0.1.1.1600 allows remote attackers to execute arbitrary code via a crafted .mppl file. NOTE: it has been reported that the overflow is in the lpFileName parameter of the CreateFileA function, but the overflow is
30-06-2014 - 14:07 22-05-2014 - 20:55
CVE-2014-4643 5.0
Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 build 1798 allow remote FTP servers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in a reply to a (1) USER, (2) PASS, (3) P
26-06-2014 - 10:30 25-06-2014 - 16:55
CVE-2008-7053 9.3
LogMeIn Remote Access Utility ActiveX control (RACtrl.dll) allows remote attackers to cause a denial of service (crash) by setting the fgcolor and bgcolor properties to certain long values that trigger memory corruption.
25-06-2014 - 23:42 24-08-2009 - 15:30
CVE-2012-5877 5.0
Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an HTTP header without a name.
24-06-2014 - 14:16 30-05-2014 - 10:55
CVE-2012-5876 5.0
Multiple off-by-one errors in NMMediaServerService.dll in Nero MediaHome 4.5.8.0 and earlier allow remote attackers to cause a denial of service (crash) via a long string in the (1) request line or (2) HTTP Referer header to TCP port 54444, which tri
24-06-2014 - 12:24 30-05-2014 - 10:55
CVE-2014-3216 4.3
GOM Media Player 2.2.57.5189 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file.
24-06-2014 - 10:42 10-06-2014 - 10:55
CVE-2012-5106 10.0
Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute arbitrary code via a long string in a PUT command.
23-06-2014 - 11:32 20-06-2014 - 15:55
CVE-2012-2591 4.3
Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 10.0 and 10.0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) From or (2) Date field in an email.
23-06-2014 - 10:37 20-06-2014 - 10:55
CVE-2014-4334 7.5
Stack-based buffer overflow in Ubisoft Rayman Legends before 1.3.140380 allows remote attackers to execute arbitrary code via a long string in the "second connection" to TCP port 1001.
20-06-2014 - 13:51 19-06-2014 - 10:55
CVE-2012-2569 4.3
Cross-site scripting (XSS) vulnerability in Synametrics Technologies Xeams 4.4 Build 5720 allows remote attackers to inject arbitrary web script or HTML via the body of an email.
20-06-2014 - 10:12 19-06-2014 - 10:55
CVE-2012-2592 4.3
Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email.
19-06-2014 - 14:15 18-06-2014 - 15:55
CVE-2004-2466 5.0
chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer overflow. NOTE: it was later reported that 2.2 is also affected.
12-06-2014 - 21:51 31-12-2004 - 00:00
CVE-2010-5300 6.8
Stack-based buffer overflow in Jzip 1.3 through 2.0.0.132900 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name in a zip archive.
12-06-2014 - 09:08 11-06-2014 - 10:55
CVE-2006-2465 5.1
Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this issue might not be a vulnerability.
30-05-2014 - 22:22 19-05-2006 - 06:02
CVE-2014-3791 10.0
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp.
21-05-2014 - 18:35 20-05-2014 - 10:55
CVE-2013-4694 7.5
Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer over
20-05-2014 - 00:07 16-04-2014 - 18:55
CVE-2014-3443 4.3
JetMPAd.ax in JetAudio 8.1.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file.
15-05-2014 - 14:55 14-05-2014 - 15:55
CVE-2013-7246 9.3
Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote attackers to execute arbitrary code via a long string, as exploited in the wild in January 2014.
05-05-2014 - 01:31 30-01-2014 - 13:55
CVE-2011-0654 10.0
Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and S
05-05-2014 - 00:53 15-02-2011 - 20:00
CVE-2014-2994 10.0
Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute).
28-04-2014 - 12:06 27-04-2014 - 00:32
CVE-2014-1216 7.5
FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.
22-04-2014 - 12:24 22-04-2014 - 09:06
CVE-2014-2671 6.8
Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file.
14-04-2014 - 10:29 31-03-2014 - 10:58
CVE-2009-5141 4.0
Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users to cause a denial of service (crash) via format string specifiers in a LIST command.
01-04-2014 - 07:07 31-03-2014 - 23:24
CVE-2013-5014 7.5
The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitra
26-03-2014 - 00:51 14-02-2014 - 08:10
CVE-2012-4886 10.0
Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 possibly 8.1.0.3238 allows remote attackers to execute arbitrary code via a long BSTR string.
24-03-2014 - 18:14 24-03-2014 - 12:43
CVE-2013-3928 9.3
Stack-based buffer overflow in the ReadFile function in flt_BMP.dll in Chasys Draw IES before 4.11.02 allows remote attackers to execute arbitrary code via crafted biPlanes and biBitCount fields in a BMP file.
12-03-2014 - 08:51 11-03-2014 - 15:37
CVE-2013-6767 7.2
Stack-based buffer overflow in pepoly.dll in Quick Heal AntiVirus Pro 7.0.0.1 allows local users to execute arbitrary code or cause a denial of service (process crash) via a long *.text value in a PE file.
05-03-2014 - 23:49 20-12-2013 - 17:55
CVE-2014-0980 9.3
Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file.
21-02-2014 - 00:06 11-02-2014 - 12:55
CVE-2013-5791 1.5
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. NOTE: the previous infor
11-02-2014 - 23:49 16-10-2013 - 11:55
CVE-2014-0379 4.3
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect integrity via unknown vectors relate
06-02-2014 - 23:51 15-01-2014 - 11:08
CVE-2014-1202 9.3
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
27-01-2014 - 23:57 24-01-2014 - 20:55
CVE-2013-4884 4.3
Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded sequences in a server response, which is not properly handled in the SuperScan HTML report.
22-01-2014 - 14:53 21-01-2014 - 13:55
CVE-2013-3482 9.3
Stack-based buffer overflow in the rf_report_error function in ermapper_u.dll in Intergraph ERDAS ER Viewer before 13.0.1.1301 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in an
21-01-2014 - 16:14 19-01-2014 - 12:16
CVE-2013-5447 6.8
Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value.
13-01-2014 - 23:28 10-12-2013 - 01:14
CVE-2011-5012 10.0
Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll 7.2.0.106 and possibly other versions), as used in Attachmate Reflection 2008, Reflection 2011 R1 before 15.3.2.569 and R1 SP1 before, Reflection 2011 R2 before 15.4.1.327, Reflecti
07-01-2014 - 23:24 24-12-2011 - 20:55
CVE-2009-1667 9.3
Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long entry in a .m3u file, a different vector than CVE-2009-5137.
07-01-2014 - 22:54 18-05-2009 - 14:30
CVE-2009-5137 7.5
Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long URL in the [playlist] section in a .pls file, a different vector than CVE-2009-1667.
06-01-2014 - 21:53 03-01-2014 - 14:55
CVE-2013-6937 6.8
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the name attribute of the cols element in a .wstyle file.
03-01-2014 - 23:50 04-12-2013 - 11:15
CVE-2013-6162 4.3
Cross-site scripting (XSS) vulnerability in Code-Crafters Ability Mail Server 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email.
23-12-2013 - 10:32 20-12-2013 - 19:55
CVE-2013-7186 9.3
Buffer overflow in Steinberg MyMp3PRO 5.0 (Build 5.1.0.21) allows remote attackers to execute arbitrary code via a long string in a .m3u file.
23-12-2013 - 09:50 20-12-2013 - 18:55
CVE-2009-4663 9.3
Heap-based buffer overflow in the Quiksoft EasyMail Objects 6 ActiveX control allows remote attackers to execute arbitrary code via a long argument to the AddAttachment method.
12-12-2013 - 23:33 03-03-2010 - 15:30
CVE-2007-4607 9.3
Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll 6.0.1 in the Quiksoft EasyMail SMTP Object, as used in Postcast Server Pro 3.0.61, allows remote attackers to execute arbitrary code via a long argument to the SubmitToExpress metho
12-12-2013 - 22:53 30-08-2007 - 20:17
CVE-2006-6199 7.5
Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and Professional 5.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist.
12-12-2013 - 22:37 30-11-2006 - 20:28
CVE-2006-6184 10.0
Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command.
12-12-2013 - 22:37 30-11-2006 - 19:28
CVE-2013-6283 7.5
VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file.
05-12-2013 - 00:31 25-10-2013 - 19:55
CVE-2013-6874 9.3
Stack-based buffer overflow in Vortex Light Alloy before 4.7.4 allows remote attackers to execute arbitrary code via a long URL in a .m3u file.
27-11-2013 - 09:49 26-11-2013 - 11:55
CVE-2009-0927 9.3
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerabili
22-11-2013 - 13:19 19-03-2009 - 06:30
CVE-2013-3660 6.9
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does
02-11-2013 - 23:33 24-05-2013 - 16:55
CVE-2012-5470 4.3
libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file.
02-11-2013 - 23:28 26-10-2012 - 06:39
CVE-2011-0257 9.3
Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PnSize opcode in a PICT file that triggers a stack-based buffer overflow.
02-11-2013 - 23:09 15-08-2011 - 17:55
CVE-2010-0187 4.3
Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.
02-11-2013 - 22:56 15-02-2010 - 13:30
CVE-2009-0950 9.3
Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.
02-11-2013 - 22:48 02-06-2009 - 14:30
CVE-2013-6128 5.8
The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict SaveToFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequ
28-10-2013 - 09:39 25-10-2013 - 16:55
CVE-2013-6127 5.8
The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote attackers to create or overwrite arbitrary files, and s
28-10-2013 - 09:32 25-10-2013 - 16:55
CVE-2013-6079 7.2
Buffer overflow in MostGear Soft Easy LAN Folder Share 3.2.0.100 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in the (1) registration code field in the activate license wind
15-10-2013 - 12:38 11-10-2013 - 18:55
CVE-2013-5716 4.3
Gretech GOM Media Player 2.2.53.5169 and possibly earlier allows remote attackers to cause a denial of service (application crash) via a crafted WAV file.
08-10-2013 - 12:04 09-09-2013 - 13:55
CVE-2013-0742 9.3
Stack-based buffer overflow in Corel PDF Fusion 1.11 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long ZIP directory entry name in an XPS file.
07-10-2013 - 09:35 03-10-2013 - 19:55
CVE-2008-1770 9.3
CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line.
03-10-2013 - 15:32 04-06-2008 - 17:32
CVE-2013-4900 5.0
Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twilight CMS, allows remote attackers to read arbitrary files via a ..%5c (dot dot encoded backslash) in a GET request.
13-09-2013 - 14:56 09-09-2013 - 13:55
CVE-2011-5003 10.0
Stack-based buffer overflow in the Phonetic Indexer (AvidPhoneticIndexer.exe) in Avid Media Composer 5.5.3 and earlier allows remote attackers to execute arbitrary code via a long request to TCP port 4659.
08-09-2013 - 02:11 24-12-2011 - 20:55
CVE-2009-0443 9.3
Stack-based buffer overflow in Elecard AVC HD PLAYER 5.5.90116 allows remote attackers to execute arbitrary code via an M3U file containing a long string in a URL.
31-08-2013 - 01:58 10-02-2009 - 02:00
CVE-2010-2004 9.3
Stack-based buffer overflow in BS.Global BS.Player 2.51 Build 1022 Free, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via the Skin parameter in the Options section of a skins file (.bsi), a different vu
29-08-2013 - 02:20 20-05-2010 - 17:30
CVE-2010-3595 7.8
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors related to Import Server. NOTE: the previous information was o
28-08-2013 - 02:26 19-01-2011 - 11:00
CVE-2010-5289 7.5
Buffer overflow in the Authenticate method in the INCREDISPOOLERLib.Pop ActiveX control in ImSpoolU.dll in IncrediMail 2.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long s
27-08-2013 - 10:17 24-08-2013 - 23:27
CVE-2008-2992 9.3
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-20
27-08-2013 - 02:03 04-11-2008 - 13:29
CVE-2013-5578 9.3
Buffer overflow in the ToDot method in the WINGRAPHVIZLib.NEATO ActiveX control in WinGraphviz.dll in StarUML allows remote attackers to execute arbitrary code via a long argument.
26-08-2013 - 15:27 24-08-2013 - 23:27
CVE-2013-3956 7.2
The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Se
22-08-2013 - 02:54 31-07-2013 - 09:20
CVE-2010-2703 10.0
Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe
21-08-2013 - 02:23 28-07-2010 - 08:48
CVE-2010-3962 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issu
19-08-2013 - 02:16 05-11-2010 - 13:00
CVE-2010-2744 7.2
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges b
16-08-2013 - 03:06 13-10-2010 - 15:00
CVE-2013-2577 9.3
Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file.
13-08-2013 - 15:41 09-08-2013 - 17:55
CVE-2013-2576 6.8
Buffer overflow in Artweaver before 3.1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AWD file.
13-08-2013 - 15:10 09-08-2013 - 17:55
CVE-2010-3134 9.3
Untrusted search path vulnerability in Google Earth 5.1.3535.3218 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll that is located in the same folder as a .k
09-08-2013 - 02:24 26-08-2010 - 14:36
CVE-2010-2330 9.3
Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Length header.
08-08-2013 - 02:18 18-06-2010 - 16:30
CVE-2007-6331 9.3
Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier allows remote attackers t
03-08-2013 - 02:40 13-12-2007 - 14:46
CVE-2012-1008 5.0
OfficeSIP Server 3.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted To header in a SIP INVITE message.
26-07-2013 - 02:40 07-02-2012 - 23:11
CVE-2007-5257 10.0
Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control in officeviewer.ocx in EDraw Office Viewer Component 5.3.220.1 and earlier allows remote attackers to execute arbitrary code via long strings in the first and second arguments to t
20-07-2013 - 02:18 06-10-2007 - 13:17
CVE-2010-3138 9.3
Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player o
18-07-2013 - 23:57 27-08-2010 - 15:00
CVE-2007-2722 7.8
Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers to cause a denial of service (application instability) via certain invalid strings in the URL attribute of an ENCLOSURE element, as demonstrated by a "%s" sequence, a "%Y" sequence,
17-07-2013 - 11:21 16-05-2007 - 18:30
CVE-2010-0249 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote
13-07-2013 - 02:41 15-01-2010 - 12:30
CVE-2013-3563 7.5
Stack-based buffer overflow in db_netserver in Lianja SQL Server before 1.0.0RC5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted string to TCP port 8001.
05-07-2013 - 00:00 04-07-2013 - 10:33
CVE-2010-3147 9.3
Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to
07-06-2013 - 22:55 27-08-2010 - 15:00
CVE-2010-3143 9.3
Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .
07-06-2013 - 22:55 27-08-2010 - 15:00
CVE-2013-3661 4.9
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether li
05-06-2013 - 23:26 24-05-2013 - 16:55
CVE-2011-5007 10.0
Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080.
20-05-2013 - 23:12 24-12-2011 - 20:55
CVE-2013-3075 10.0
Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow remote attackers to execute arbitrary code via a long string, as demonstrated by a long WzTitl
15-05-2013 - 00:00 19-04-2013 - 07:44
CVE-2010-0219 10.0
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by u
09-05-2013 - 23:14 18-10-2010 - 13:00
CVE-2013-2760 6.8
Buffer overflow in Groovy Media Player 3.2.0 allows remote attackers to execute arbitrary code via a long string in a .m3u file.
18-04-2013 - 00:00 16-04-2013 - 10:04
CVE-2012-0267 9.3
The StopModule method in the NTR ActiveX control before 2.0.4.8 allows remote attackers to execute arbitrary code via a crafted lModule parameter that triggers use of an arbitrary memory address as a function pointer.
04-04-2013 - 23:07 14-01-2012 - 22:55
CVE-2012-0266 9.3
Multiple stack-based buffer overflows in the NTR ActiveX control before 2.0.4.8 allow remote attackers to execute arbitrary code via (1) a long bstrUrl parameter to the StartModule method, (2) a long bstrParams parameter to the Check method, a long b
04-04-2013 - 23:07 14-01-2012 - 22:55
CVE-2012-6534 4.3
Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to create data retention policies via a crafted text/x-gwt-rpc request to novelllogmanager/datastorageservice.rpc, and allows remote authenticated Report Administrators to create data
04-04-2013 - 00:00 29-03-2013 - 12:08
CVE-2012-4177 10.0
The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -orbit_exe_path command line argument.
01-04-2013 - 23:19 07-08-2012 - 16:55
CVE-2012-2584 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) the Cascading Style Sheets (CSS) expression property in conjunction wit
22-03-2013 - 23:10 12-08-2012 - 13:55
CVE-2012-3294 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of
21-03-2013 - 23:11 17-08-2012 - 06:31
CVE-2011-1524 4.3
Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFR
06-02-2013 - 23:43 28-03-2011 - 14:55
CVE-2011-0545 6.8
Cross-site request forgery (CSRF) vulnerability in adduser.do in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts, and possi
06-02-2013 - 23:41 28-03-2011 - 12:55
CVE-2012-5335 4.0
Directory traversal vulnerability in Tiny Server 1.1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the URI of an HTTP request.
31-01-2013 - 00:00 08-10-2012 - 19:55
CVE-2012-6530 7.1
Stack-based buffer overflow in Sysax Multi Server before 5.52, when HTTP is enabled, allows remote authenticated users with the create folder permission to execute arbitrary code via a crafted request.
31-01-2013 - 00:00 31-01-2013 - 00:44
CVE-2009-5134 6.8
Buffer overflow in the "create torrent dialog" functionality in uTorrent 1.8.3 build 15772, and possibly other versions before 1.8.3 (Build 16010), allows user-assisted remote attackers to cause a denial of service (application crash) and possibly ex
29-01-2013 - 00:00 18-01-2013 - 18:55
CVE-2012-5329 4.0
Buffer overflow in TYPSoft FTP Server 1.1 allows remote authenticated users to cause a denial of service (application crash) via a long string in an APPE command.
25-01-2013 - 23:58 08-10-2012 - 19:55
CVE-2012-5875 5.0
Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service (NULL pointer dereference) via a (1) crafted Connection HTTP header; a return carriage control character in the (2) Accept Language header, (3) User-agent header, (4
18-01-2013 - 00:00 18-01-2013 - 06:48
CVE-2012-5897 9.3
The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via th
15-01-2013 - 00:00 17-11-2012 - 16:55
CVE-2008-6953 9.3
Buffer overflow in oovoo.exe in ooVoo 1.7.1.35, and possibly other versions before 1.7.1.59, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long oovoo: URI.
03-01-2013 - 00:00 12-08-2009 - 06:30
CVE-2007-3633 6.4
Absolute path traversal vulnerability in the Chilkat Software Chilkat Zip ActiveX control in ChilkatZip2.dll 12.4.2.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveLastError method a
18-12-2012 - 22:38 09-07-2007 - 20:30
CVE-2012-4991 8.5
Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a ..%5C (encoded dot dot backslash) in a URI.
13-12-2012 - 00:00 13-12-2012 - 06:53
CVE-2012-6042 4.3
GPSMapEdit 1.1.73.2 allows user-assisted remote attackers to cause a denial of service (crash) via a long string in a lst file.
27-11-2012 - 23:41 26-11-2012 - 17:55
CVE-2012-6044 4.3
M-Player 0.4 allows remote attackers to cause a denial of service (crash) via a crafted MP3 file.
27-11-2012 - 00:00 26-11-2012 - 17:55
CVE-2012-6048 5.0
Guitar Pro 6.1.1 r10791 allows remote attackers to cause a denial of service (crash) via a long string in a gpx file.
27-11-2012 - 00:00 26-11-2012 - 23:49
CVE-2012-5896 10.0
The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument,
19-11-2012 - 00:00 17-11-2012 - 16:55
CVE-2012-5905 4.0
Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to cause a denial of service (crash) via a long string in a FEAT command.
19-11-2012 - 00:00 17-11-2012 - 16:55
CVE-2010-1199 9.3
Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for
05-11-2012 - 23:38 24-06-2010 - 08:30
CVE-2008-2549 4.3
Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.
05-11-2012 - 23:03 04-06-2008 - 15:32
CVE-2007-3703 6.8
Stack-based buffer overflow in a certain ActiveX control in sasatl.dll 1.5.0.531 in Zenturi Program Checker (ProgramChecker) Pro allows remote attackers to execute arbitrary code via a long argument to the Fill method. NOTE: this is probably a diffe
05-11-2012 - 22:43 11-07-2007 - 19:30
CVE-2007-3649 6.8
Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method.
05-11-2012 - 22:42 10-07-2007 - 13:30
CVE-2007-3340 7.8
BugHunter HTTP SERVER (httpsv.exe) 1.6.2 allows remote attackers to cause a denial of service (application crash) via a large number of requests for nonexistent pages.
05-11-2012 - 22:41 21-06-2007 - 18:30
CVE-2007-3166 6.8
Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, remote IMAP servers to execute arbitrary code via a long FLAGS response to a SELECT INBOX command.
05-11-2012 - 22:41 11-06-2007 - 18:30
CVE-2007-3162 5.0
Buffer overflow in the NotSafe function in the idaiehlp ActiveX control in idaiehlp.dll 1.9.1.74 in Internet Download Accelerator (ida) 5.2 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long argument.
05-11-2012 - 22:41 11-06-2007 - 18:30
CVE-2007-2851 7.5
A certain ActiveX control in LeadTools Raster Variant Object Library (LTRVR14e.dll) 14.5.0.44 allows remote attackers to overwrite arbitrary files via the WriteDataToFile method.
05-11-2012 - 22:40 24-05-2007 - 14:30
CVE-2007-2787 7.5
Stack-based buffer overflow in the BrowseDir function in the (1) lttmb14E.ocx or (2) LTRTM14e.DLL ActiveX control in LeadTools Raster Thumbnail Object Library 14.5.0.44 allows remote attackers to execute arbitrary code via a long argument.
05-11-2012 - 22:40 21-05-2007 - 19:30
CVE-2007-2772 7.8
(1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet.
05-11-2012 - 22:39 21-05-2007 - 17:30
CVE-2007-2526 9.3
Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewer ActiveX control (scvncctrl.dll) in the SmartCode VNC Manager 3.6 allows remote attackers to execute arbitrary code via a long argument.
05-11-2012 - 22:38 08-05-2007 - 19:19
CVE-2007-2222 9.3
Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object tha
05-11-2012 - 22:37 12-06-2007 - 15:30
CVE-2007-1644 10.0
The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change DNS records for a web proxy server and conduct ma
05-11-2012 - 22:35 23-03-2007 - 20:19
CVE-2007-1579 10.0
Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.
05-11-2012 - 22:34 21-03-2007 - 19:19
CVE-2007-0038 9.3
Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) a
05-11-2012 - 22:30 30-03-2007 - 16:19
CVE-2008-4250 10.0
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during p
30-10-2012 - 23:04 23-10-2008 - 18:00
CVE-2008-4037 9.3
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as
30-10-2012 - 23:03 12-11-2008 - 18:30
CVE-2007-3984 7.5
Buffer overflow in a certain ActiveX control in the NixonMyPrograms class in sasatl.dll 1.5.0.531 in Zenturi ProgramChecker allows remote attackers to execute arbitrary code via a long argument to the Scan method. NOTE: this is probably a different
30-10-2012 - 22:40 25-07-2007 - 13:30
CVE-2007-3681 6.6
The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters.
30-10-2012 - 22:39 11-07-2007 - 13:30
CVE-2007-3608 5.0
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors.
30-10-2012 - 22:39 06-07-2007 - 15:30
CVE-2007-3607 5.0
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to cause a denial of service (process crash) via unspecified vectors.
30-10-2012 - 22:39 06-07-2007 - 15:30
CVE-2007-3487 6.4
Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argument to the saveXMLAsFile method.
30-10-2012 - 22:38 29-06-2007 - 14:30
CVE-2007-3459 6.4
A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method.
30-10-2012 - 22:38 27-06-2007 - 14:30
CVE-2007-3435 9.3
Stack-based buffer overflow in the BeginPrint method in a certain ActiveX control in RKD Software (barcodetools.com) BarCodeAx.dll 4.9 allows remote attackers to execute arbitrary code via a long argument.
30-10-2012 - 22:38 26-06-2007 - 20:30
CVE-2007-3294 7.5
Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unsp
30-10-2012 - 22:38 20-06-2007 - 17:30
CVE-2007-3148 9.3
Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method.
30-10-2012 - 22:37 11-06-2007 - 14:30
CVE-2007-3006 6.8
Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted remote attackers to execute arbitrary code via a .asx playlist file with a REF element containing a long string in the HREF attribute. NOTE: it was later claimed that 4.51 Build 147
30-10-2012 - 22:36 04-06-2007 - 13:30
CVE-2007-2726 7.8
BitsCast 0.13.0 allows remote attackers to cause a denial of service (application crash) via an RSS 2.0 feed item with certain invalid strings in a pubDate element, as demonstrated by repeated "../A" or "A/../" patterns.
30-10-2012 - 22:35 16-05-2007 - 18:30
CVE-2007-2237 7.1
Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.
30-10-2012 - 22:33 06-06-2007 - 16:30
CVE-2012-2271 10.0
Buffer overflow in the InitLicenKeys function in a certain ActiveX control in SkinCrafter3_vs2005.dll in SkinCrafter 3.0 allows remote attackers to execute arbitrary code via a long string in the first argument (aka the reg_name argument).
30-10-2012 - 00:04 21-05-2012 - 16:55
CVE-2008-4558 6.8
Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.
29-10-2012 - 23:17 14-10-2008 - 20:00
CVE-2008-2390 6.8
Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument.
29-10-2012 - 23:11 21-05-2008 - 09:24
CVE-2008-1713 5.0
MailServer.exe in NoticeWare Email Server 4.6.1.0 allows remote attackers to cause a denial of service (application crash) via a long string to IMAP port (143/tcp).
29-10-2012 - 23:09 09-04-2008 - 17:05
CVE-2008-1647 9.3
The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary f
29-10-2012 - 23:09 02-04-2008 - 13:44
CVE-2010-5193 9.3
Stack-based buffer overflow in the TIFMergeMultiFiles function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0 and Gold 6.0 allows remote attackers to execute arbitrary code via a long strDelimit pa
26-10-2012 - 00:00 31-08-2012 - 17:55
CVE-2011-5233 4.3
Heap-based buffer overflow in IrfanView before 4.32 allows remote attackers to execute arbitrary code via crafted "Rows Per Strip" and "Samples Per Pixel" values in a TIFF image file.
26-10-2012 - 00:00 25-10-2012 - 13:55
CVE-2012-2578 4.3
Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2)
26-10-2012 - 00:00 19-09-2012 - 06:57
CVE-2012-2586 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Mailtraq 2.17.3.3150 allow remote attackers to inject arbitrary web script or HTML via an e-mail message subject with (1) a JavaScript alert function used in conjunction with the fromCharCode met
26-10-2012 - 00:00 19-09-2012 - 06:57
CVE-2009-2694 10.0
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory
22-10-2012 - 23:09 21-08-2009 - 07:02
CVE-2009-0812 9.3
Stack-based buffer overflow in BreakPoint Software Hex Workshop 4.23, 6.0.1.4603, and other 6.x and earlier versions allows remote attackers to execute arbitrary code via a crafted Intel Hex Code (.hex) file. NOTE: some of these details are obtained
22-10-2012 - 23:03 04-03-2009 - 12:30
CVE-2007-4734 4.3
Buffer overflow in Ots Labs OTSTurntables 1.00 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file.
22-10-2012 - 22:34 06-09-2007 - 15:17
CVE-2012-1189 9.3
Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator (TORCS) before 1.3.3 and Speed Dreams allows user-assisted remote attackers to execute arbitrary code via a long file name in an engine sample attribu
09-10-2012 - 00:00 08-10-2012 - 14:55
CVE-2012-5324 9.3
Multiple buffer overflows in the Pdf Printer Preferences ActiveX Control in pdfxctrl.dll in Tracker Software PDF-XChange 3.60.0128 allow remote attackers to execute arbitrary code via a long string in the (1) sub_path parameter to the StoreInRegistry
09-10-2012 - 00:00 08-10-2012 - 16:55
CVE-2008-4652 9.3
Buffer overflow in the ActiveX control (DartFtp.dll) in Dart Communications PowerTCP FTP for ActiveX 2.0.2 0 allows remote attackers to execute arbitrary code via a long SecretKey property.
04-10-2012 - 00:00 21-10-2008 - 20:11
CVE-2011-5171 9.3
Multiple stack-based buffer overflows in CyberLink Power2Go 7 (build 196) and 8 (build 1031) allow remote attackers to execute arbitrary code via the (1) src and (2) name parameters in a p2g project file.
21-09-2012 - 00:00 15-09-2012 - 13:55
CVE-2012-4992 9.0
Multiple buffer overflows in FlashFXP.exe in FlashFXP 4.2 allow remote authenticated users to execute arbitrary code via a long unicode string to (1) TListbox or (2) TComboBox.
20-09-2012 - 11:07 19-09-2012 - 15:55
CVE-2012-2575 4.3
Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message.
18-09-2012 - 00:00 17-09-2012 - 10:55
CVE-2012-4924 9.3
Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method.
18-09-2012 - 00:00 15-09-2012 - 13:55
CVE-2011-5162 9.3
Stack-based buffer overflow in GOM Player 2.1.33.5071 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag. NOTE: this issue exists because of a CVE-2007-0707 regression.
17-09-2012 - 00:00 15-09-2012 - 13:55
CVE-2011-5164 9.3
Stack-based buffer overflow in VanDyke Software AbsoluteFTP 1.9.6 through 2.2.10 allows remote FTP servers to execute arbitrary code via a crafted file name in a LIST command response.
17-09-2012 - 00:00 15-09-2012 - 13:55
CVE-2011-5166 7.5
Multiple stack-based buffer overflows in KnFTP 1.0.0 allow remote attackers to execute arbitrary code via a long string to the (1) USER, (2) PASS, (3) REIN, (4) QUIT, (5) PORT, (6) PASV, (7) TYPE, (8) STRU, (9) MODE, (10) RETR, (11) STOR, (12) APPE,
17-09-2012 - 00:00 15-09-2012 - 13:55
CVE-2011-5167 9.3
Heap-based buffer overflow in the SetDevNames method of the Tidestone Formula One ActiveX control (TTF16.ocx) 6.3.5 Build 1 in Oracle Hyperion Strategic Finance 12.x and possibly earlier allows remote attackers to execute arbitrary code via a long st
17-09-2012 - 00:00 15-09-2012 - 13:55
CVE-2011-5170 9.3
Stack-based buffer overflow in Castillo Bueno Systems CCMPlayer 1.5 allows remote attackers to execute arbitrary code via a long track name in an m3u playlist.
17-09-2012 - 00:00 15-09-2012 - 13:55
CVE-2011-5172 9.3
Stack-based buffer overflow in StoryBoard Quick 6 Build 3786, and possibly StoryBoard Artist and StoryBoard Studio, allows remote attackers to execute arbitrary code via a long string in the string element field in a frame xml file.
17-09-2012 - 00:00 15-09-2012 - 13:55
CVE-2011-5173 6.8
Buffer overflow in Bugbear Entertainment FlatOut 2005 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field in a bed file.
17-09-2012 - 00:00 15-09-2012 - 13:55
CVE-2012-4865 9.3
Buffer overflow in Oreans Themida 2.1.8.0 allows remote attackers to execute arbitrary code via a crafted .TMD file.
13-09-2012 - 00:00 06-09-2012 - 13:55
CVE-2008-2463 6.8
The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine
12-09-2012 - 22:29 07-07-2008 - 19:41
CVE-2010-5239 6.9
Untrusted search path vulnerability in DAEMON Tools Lite 4.35.6.0091 and Pro Standard 4.36.0309.0160 allows local users to gain privileges via a Trojan horse mfc80loc.dll file in the current working directory, as demonstrated by a directory that cont
07-09-2012 - 12:27 07-09-2012 - 06:32
CVE-2010-5227 6.9
Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .x
07-09-2012 - 11:07 07-09-2012 - 06:32
CVE-2011-3176 10.0
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request.
07-09-2012 - 00:21 09-04-2012 - 16:55
CVE-2011-3175 10.0
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request.
07-09-2012 - 00:21 09-04-2012 - 16:55
CVE-2010-5236 6.9
Untrusted search path vulnerability in Roxio Easy Media Creator Home 9.0.136 allows local users to gain privileges via a Trojan horse homeutils9.dll file in the current working directory, as demonstrated by a directory that contains a .roxio, .c2d, o
07-09-2012 - 00:00 07-09-2012 - 06:32
CVE-2012-4864 9.3
Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted xml file.
07-09-2012 - 00:00 06-09-2012 - 13:55
CVE-2010-5195 6.9
Untrusted search path vulnerability in Roxio MyDVD 9 allows local users to gain privileges via a Trojan horse HomeUtils9.dll file in the current working directory, as demonstrated by a directory that contains a .dmsd or .dmsm file. NOTE: some of the
06-09-2012 - 00:00 06-09-2012 - 06:41
CVE-2010-5194 9.3
Stack-based buffer overflow in the Image2PDF function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0, Gold 5.5, Gold 6.0, and earlier allows remote attackers to execute arbitrary code via a long st
05-09-2012 - 00:00 31-08-2012 - 17:55
CVE-2011-4878 7.8
Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI pane
04-09-2012 - 23:19 03-02-2012 - 15:55
CVE-2011-4879 8.5
miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and W
31-08-2012 - 23:38 03-02-2012 - 15:55
CVE-2011-4877 7.1
HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfe
31-08-2012 - 23:38 03-02-2012 - 15:55
CVE-2011-4876 9.3
Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and
31-08-2012 - 23:38 03-02-2012 - 15:55
CVE-2011-4875 9.3
Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC
31-08-2012 - 23:38 03-02-2012 - 15:55
CVE-2012-2587 4.3
Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribute of (1) an IFRAME element or (2) a SCRIPT element
29-08-2012 - 00:00 12-08-2012 - 17:55
CVE-2012-2614 6.8
Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2 allows user-assisted remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long string in a version attribute of an ispXCF element in a
18-08-2012 - 00:00 12-07-2012 - 17:55
CVE-2012-2206 3.5
The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser
17-08-2012 - 00:00 17-08-2012 - 06:31
CVE-2012-4335 7.8
Samsung NET-i viewer 1.37.120316 allows remote attackers to cause a denial of service (infinite loop) via a negative size value in a TCP request to (1) NiwMasterService or (2) NiwStorageService. NOTE: some of these details are obtained from third pa
15-08-2012 - 16:35 14-08-2012 - 18:55
CVE-2012-4334 10.0
The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i viewer 1.37.120316 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: some of these details are obta
15-08-2012 - 16:33 14-08-2012 - 18:55
CVE-2012-4333 10.0
Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to execute arbitrary code via a long string in the fn
15-08-2012 - 16:31 14-08-2012 - 18:55
CVE-2012-4250 9.3
Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls31.dll in Samsung NET-i viewer 1.37 allows remote attackers to execute arbitrary code via a long string in the first argument.
14-08-2012 - 00:00 13-08-2012 - 14:55
CVE-2012-2396 4.3
VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file.
13-08-2012 - 23:37 19-04-2012 - 17:55
CVE-2011-1591 9.3
Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.
13-08-2012 - 23:26 29-04-2011 - 18:55
CVE-2009-1831 9.3
The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer
13-08-2012 - 23:01 29-05-2009 - 18:30
CVE-2009-0833 9.3
Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in the File1 field. NOTE: some of these details are obtained from thir
13-08-2012 - 22:58 05-03-2009 - 15:30
CVE-2009-0263 10.0
Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 fil
13-08-2012 - 22:57 23-01-2009 - 14:00
CVE-2008-0610 9.3
Stack-based buffer overflow in the ClientConnection::NegotiateProtocolVersion function in vncviewer/ClientConnection.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allows remote att
13-08-2012 - 22:37 06-02-2008 - 07:00
CVE-2007-2180 7.1
Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file.
13-08-2012 - 22:20 24-04-2007 - 13:19
CVE-2012-2585 4.3
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) ex
13-08-2012 - 13:22 12-08-2012 - 17:55
CVE-2012-2571 4.3
Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression
13-08-2012 - 00:00 12-08-2012 - 17:55
CVE-2012-2590 4.3
Multiple cross-site scripting (XSS) vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted SRC attribute of an
13-08-2012 - 00:00 12-08-2012 - 17:55
CVE-2012-2602 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via Create
13-08-2012 - 00:00 12-08-2012 - 12:55
CVE-2012-1466 5.0
The Traffic Grapher Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the source code of NtDecision script files with a .nd extension via an invalid version number in an HTTP request, as demonstrated using default.nd.
03-08-2012 - 00:00 19-03-2012 - 15:55
CVE-2012-0277 6.8
Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PCT image.
01-08-2012 - 00:00 17-07-2012 - 17:55
CVE-2012-2442 4.3
Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and earlier allows remote attackers to cause a denial of service via a crafted mp4 file.
30-07-2012 - 00:00 25-07-2012 - 17:55
CVE-2012-4054 6.9
Buffer overflow in the readfile function in CPE17 Autorun Killer 1.7.1 and earlier allows physically proximate attackers to execute arbitrary code via a crafted inf file.
30-07-2012 - 00:00 25-07-2012 - 17:55
CVE-2012-4057 9.3
Buffer overflow in the Player in Remote-Anything 5.60.15 allows remote attackers to execute arbitrary code via a crafted flm file.
30-07-2012 - 00:00 25-07-2012 - 17:55
CVE-2011-2657 6.8
Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to exec
27-07-2012 - 00:00 26-07-2012 - 18:55
CVE-2012-0282 6.8
Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ImageLeftPosition value in an ImageDescriptor structure in a GIF image.
18-07-2012 - 09:15 17-07-2012 - 17:55
CVE-2012-0276 6.8
Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed TIFF image or (2) SGI32LogLum compressed TIFF imag
18-07-2012 - 00:00 17-07-2012 - 17:55
CVE-2012-3845 5.0
Buffer overflow in LAN Messenger 1.2.28 and earlier allows remote attackers to cause a denial of service (crash) via a long string in an initiation request.
17-07-2012 - 00:00 03-07-2012 - 18:55
CVE-2012-1661 9.3
ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file.
16-07-2012 - 00:00 12-07-2012 - 17:55
CVE-2012-3816 7.8
WinRadius Server 2009 allows remote attackers to cause a denial of service (crash) via a long password in an Access-Request packet.
28-06-2012 - 00:00 27-06-2012 - 17:55
CVE-2012-0985 9.3
Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi Connection Utility 4.7, 4.7.4, 4.8, 4.9, 4.10, and 4.11
08-06-2012 - 00:00 07-06-2012 - 15:55
CVE-2011-3492 10.0
Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted NETB packet to UDP port 20034.
04-06-2012 - 00:00 16-09-2011 - 10:28
CVE-2012-2940 4.3
MediaChance Real-DRAW PRO 5.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted (1) PNG, (2) WMF, (3) PSD, (4) TGA, (5) TTF, (6) BMP, (7) TIFF, or (8) PCX file.
28-05-2012 - 00:00 27-05-2012 - 16:55
CVE-2011-3976 6.8
Stack-based buffer overflow in AmmSoft ScriptFTP 3.3 allows remote FTP servers to execute arbitrary code via a long filename in a response to a LIST command, as demonstrated using (1) GETLIST or (2) GETFILE in a ScriptFTP script.
14-05-2012 - 00:00 04-10-2011 - 06:55
CVE-2011-1566 10.0
Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0
11-05-2012 - 23:37 05-04-2011 - 11:19
CVE-2011-2386 9.3
VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey before 2.1.9 allows user-assisted remote attackers to execute arbitrary code via a (1) vws and (2) vwr file with an invalid Type property, which triggers an untrusted pointer dereferen
27-04-2012 - 00:00 08-06-2011 - 06:36
CVE-2012-1464 5.0
Dashboard Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the installation path via a request with a trailing "?" character, which causes Dashboard to attempt to access a non-existent resource. NOTE: some of these
27-03-2012 - 00:00 19-03-2012 - 15:55
CVE-2012-1465 4.3
Stack-based buffer overflow in the HTTP Server in NetMechanica NetDecision before 4.6.1 allows remote attackers to cause a denial of service (application crash) via a long URL in an HTTP request. NOTE: some of these details are obtained from third p
27-03-2012 - 00:00 19-03-2012 - 15:55
CVE-2012-1783 7.8
Tiny Server 1.1.9 and earlier allows remote attackers to cause a denial of service (crash) via a long string in a GET request without an HTTP version number.
20-03-2012 - 00:00 19-03-2012 - 14:55
CVE-2011-0611 9.3
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on W
19-03-2012 - 00:00 13-04-2011 - 10:55
CVE-2011-3142 10.0
Stack-based buffer overflow in an ActiveX control in KVWebSvr.dll in WellinTech KingView 6.52 and 6.53 allows remote attackers to execute arbitrary code via a long second argument to the ValidateUser method.
16-03-2012 - 00:00 16-08-2011 - 17:55
CVE-2012-0292 5.0
The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris
08-03-2012 - 00:00 07-03-2012 - 23:15
CVE-2011-4800 9.0
Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put
05-03-2012 - 00:00 13-12-2011 - 19:55
CVE-2012-0201 9.3
Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file.
02-03-2012 - 00:00 02-03-2012 - 06:55
CVE-2011-5002 10.0
Multiple stack-based buffer overflows in Final Draft 8 before 8.02 allow remote attackers to execute arbitrary code via a .fdx or .fdxt file with long (1) Word, (2) Transition, (3) Location, (4) Extension, (5) SceneIntro, (6) TimeOfDay, and (7) Chara
16-02-2012 - 23:10 24-12-2011 - 20:55
CVE-2012-1009 5.0
NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build 0186 allow remote attackers to cause a denial of service (daemon crash) via a malformed LPD request.
15-02-2012 - 10:07 14-02-2012 - 12:55
CVE-2011-4024 4.3
Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13-02-2012 - 23:09 21-10-2011 - 14:55
CVE-2011-3496 10.0
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.
13-02-2012 - 23:08 16-09-2011 - 13:26
CVE-2011-3490 10.0
Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the
13-02-2012 - 23:08 16-09-2011 - 10:28
CVE-2011-3487 5.0
Directory traversal vulnerability in CarelDataServer.exe in Carel PlantVisor 2.4.4 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request.
13-02-2012 - 23:08 16-09-2011 - 10:28
CVE-2011-3322 10.0
Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon SCADA 1.06, and other versions before 1.14, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password to the Telnet (TCP/
13-02-2012 - 23:08 15-09-2011 - 13:58
CVE-2011-2841 6.8
Google Chrome before 14.0.835.163 does not properly perform garbage collection during the processing of PDF documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
13-02-2012 - 23:07 19-09-2011 - 08:02
CVE-2011-2443 9.3
Multiple buffer overflows in Adobe Photoshop Elements 8.0 and earlier allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted (1) .grd or (2) .abr file, a related
13-02-2012 - 23:07 04-10-2011 - 16:55
CVE-2010-5033 7.5
SQL injection vulnerability in ProductList.cfm in Fusebox 5.5.1 allows remote attackers to execute arbitrary SQL commands via the CatDisplay parameter.
13-02-2012 - 23:02 02-11-2011 - 17:55
CVE-2010-4916 7.5
Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUserGroup 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) ArticleID or (2) LibraryID parameter.
13-02-2012 - 23:02 08-10-2011 - 06:55
CVE-2010-4915 7.5
SQL injection vulnerability in index.cfm in ColdGen ColdBookmarks 1.22 allows remote attackers to execute arbitrary SQL commands via the BookmarkID parameter in an EditBookmark action.
13-02-2012 - 23:02 08-10-2011 - 06:55
CVE-2010-4913 4.3
Cross-site scripting (XSS) vulnerability in the search feature in ColdGen ColdUserGroup 1.06 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some of these details are obtained from third party informa
13-02-2012 - 23:02 08-10-2011 - 06:55
CVE-2010-4910 7.5
SQL injection vulnerability in index.cfm in ColdGen ColdCalendar 2.06 allows remote attackers to execute arbitrary SQL commands via the EventID parameter in a ViewEventDetails action.
13-02-2012 - 23:02 08-10-2011 - 06:55
CVE-2011-5049 4.3
MySQL 5.5.8, when running on Windows, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted packet to TCP port 3306.
09-02-2012 - 00:00 04-01-2012 - 14:55
CVE-2010-0364 9.3
Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field.
27-01-2012 - 00:32 21-01-2010 - 15:30
CVE-2008-5036 9.3
Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c
27-01-2012 - 00:32 10-11-2008 - 17:18
CVE-2007-6682 7.5
Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.
27-01-2012 - 00:32 16-01-2008 - 20:00
CVE-2007-6681 7.5
Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.
27-01-2012 - 00:32 16-01-2008 - 20:00
CVE-2012-0904 4.3
VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file.
27-01-2012 - 00:31 20-01-2012 - 12:55
CVE-2010-3275 9.3
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability."
27-01-2012 - 00:31 28-03-2011 - 12:55
CVE-2008-1881 6.8
Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681.
27-01-2012 - 00:31 17-04-2008 - 19:05
CVE-2009-2484 9.3
Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execut
27-01-2012 - 00:30 16-07-2009 - 12:30
CVE-2009-1045 5.0
requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action.
27-01-2012 - 00:00 23-03-2009 - 12:30
CVE-2008-4844 9.3
Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2)
10-01-2012 - 00:00 11-12-2008 - 10:30
CVE-2011-5052 6.8
Stack-based buffer overflow in CoCSoft Stream Down 6.8.0 allows remote web servers to execute arbitrary code via a long response to a download request.
05-01-2012 - 10:07 04-01-2012 - 14:55
CVE-2011-5043 4.3
TomatoSoft Free Mp3 Player 1.0 allows remote attackers to cause a denial of service (application crash) via a long string in an MP3 file, possibly a buffer overflow.
02-01-2012 - 00:00 30-12-2011 - 14:55
CVE-2011-5044 7.2
SopCast 3.4.7.45585 uses weak permissions (Everyone:Full Control) for Diagnose.exe, which allows local users to execute arbitrary code by replacing Diagnose.exe with a Trojan horse program.
02-01-2012 - 00:00 30-12-2011 - 14:55
CVE-2009-5109 9.3
Stack-based buffer overflow in Mini-Stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long entry in a .pls file.
28-12-2011 - 00:00 24-12-2011 - 20:55
CVE-2010-5081 9.3
Stack-based buffer overflow in Mini-Stream RM-MP3 Converter 3.1.2.1 allows remote attackers to execute arbitrary code via a long URL in a .pls file.
28-12-2011 - 00:00 24-12-2011 - 20:55
CVE-2009-3976 9.3
Buffer overflow in Labtam ProFTP 2.9 allows remote FTP servers to cause a denial of service (application crash) or execute arbitrary code via a long 220 reply (aka connection greeting or welcome message).
16-11-2011 - 00:00 18-11-2009 - 18:30
CVE-2006-6026 10.0
Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE requ
18-10-2011 - 00:00 21-11-2006 - 18:07
CVE-2006-6576 7.5
Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long PASS command. NOTE: it was later reported that 4.70 is also affe
18-10-2011 - 00:00 15-12-2006 - 14:28
CVE-2006-5552 7.5
Multiple heap-based buffer overflows in RevilloC MailServer 1.21 and earlier allow remote attackers to cause a denial of service (CPU consumption or application crash) or execute arbitrary code via a long argument to the (1) MAIL FROM or (2) RCPT TO
17-10-2011 - 00:00 26-10-2006 - 13:07
CVE-2007-0827 6.8
The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote attackers to execute arbitrary code via a JavaScript function that invokes the Remove method with an invalid index argument, which is used as an offset for a function call.
17-10-2011 - 00:00 07-02-2007 - 17:28
CVE-2008-2245 9.3
Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2
17-10-2011 - 00:00 12-08-2008 - 20:41
CVE-2011-1525 9.3
Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted frame in an Internet Video Recordi
17-10-2011 - 00:00 06-04-2011 - 12:55
CVE-2008-3015 9.3
Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2,
12-10-2011 - 00:00 10-09-2008 - 21:11
CVE-2010-3146 9.3
Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contai
06-10-2011 - 00:00 27-08-2010 - 15:00
CVE-2011-0096 4.3
The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for cont
04-10-2011 - 22:51 31-01-2011 - 15:00
CVE-2010-4701 7.6
Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote
04-10-2011 - 22:50 20-01-2011 - 14:00
CVE-2010-3148 9.3
Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file
04-10-2011 - 22:48 27-08-2010 - 15:00
CVE-2010-2549 7.2
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUs
04-10-2011 - 22:46 02-07-2010 - 15:00
CVE-2006-3730 9.3
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which
28-09-2011 - 00:00 21-07-2006 - 10:03
CVE-2011-1866 10.0
Buffer overflow in omniinet.exe in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to execute arbitrary code via a crafted request, related to the EXEC_CMD functionality.
21-09-2011 - 23:31 01-07-2011 - 06:55
CVE-2011-1865 10.0
Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute arbitrary code via a request containing crafted parameters.
21-09-2011 - 23:31 01-07-2011 - 06:55
CVE-2011-1568 10.0
Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to cause a denial of service
21-09-2011 - 23:30 05-04-2011 - 11:19
CVE-2011-1567 10.0
Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via craf
21-09-2011 - 23:30 05-04-2011 - 11:19
CVE-2011-1565 10.0
Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) create or write (opcode 0x2) arbitrary files via ..\
21-09-2011 - 23:30 05-04-2011 - 11:19
CVE-2011-1564 10.0
Multiple integer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via crafted (1) On_FC_MISC_FCS_MSGBROADCAST and (2) On_FC_MISC_FCS_MSGSEND packets, which t
21-09-2011 - 23:30 05-04-2011 - 11:19
CVE-2011-1563 10.0
Multiple stack-based buffer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via (1) a long username in an On_FC_CONNECT_FCS_LOGIN packet, and crafted (2) On
21-09-2011 - 23:30 05-04-2011 - 11:19
CVE-2011-0614 9.3
Buffer overflow in Adobe Audition 3.0.1 and earlier allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Audition Session (aka .ses) file.
21-09-2011 - 23:28 16-05-2011 - 13:55
CVE-2011-0517 9.3
Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and earlier, when Run TCP/IP server is enabled, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted 0x02 opcode to TCP port 46823.
21-09-2011 - 23:28 20-01-2011 - 14:00
CVE-2011-0406 10.0
Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a long request to TCP port 777.
21-09-2011 - 23:28 10-01-2011 - 22:00
CVE-2011-0276 10.0
HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a "hidden account" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.s
21-09-2011 - 23:27 01-02-2011 - 20:00
CVE-2011-0267 10.0
Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) schdParams or (2) nameParams parameter, a different vulnerability than CVE-2011-0
21-09-2011 - 23:27 13-01-2011 - 14:00
CVE-2010-2709 9.3
Stack-based buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long OvJavaLocale value in a cookie.
21-09-2011 - 23:22 05-08-2010 - 14:17
CVE-2010-1554 10.0
Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter.
21-09-2011 - 23:20 13-05-2010 - 13:30
CVE-2009-5087 5.0
Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request.
21-09-2011 - 23:16 12-09-2011 - 08:40
CVE-2009-1028 9.3
Stack-based buffer overflow in ediSys eZip Wizard 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file.
21-09-2011 - 23:07 19-03-2009 - 20:30
CVE-2008-2683 9.3
The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL meth
21-09-2011 - 22:55 12-06-2008 - 08:21
CVE-2010-4321 9.3
Stack-based buffer overflow in an ActiveX control in ienipp.ocx in Novell iPrint Client 5.52 allows remote attackers to execute arbitrary code via a long argument to (1) the GetDriverSettings2 method, as reachable by (2) the GetDriverSettings method.
21-09-2011 - 00:00 30-12-2010 - 14:00
CVE-2006-1540 9.3
MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a
20-09-2011 - 00:00 30-03-2006 - 06:02
CVE-2006-6288 4.6
Multiple buffer overflows in Niek Albers CoolPlayer 216 and earlier allow remote attackers to execute arbitrary code via (1) a playlist file with long song names, because of an overflow in the CPL_AddPrefixedFile function in CPI_Playlist.c; (2) a ski
20-09-2011 - 00:00 04-12-2006 - 06:28
CVE-2007-2244 9.3
Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file.
20-09-2011 - 00:00 25-04-2007 - 12:19
CVE-2007-6016 9.3
Multiple stack-based buffer overflows in the PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364
06-09-2011 - 00:00 29-02-2008 - 14:44
CVE-2007-6204 10.0
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4)
06-09-2011 - 00:00 13-12-2007 - 16:46
CVE-2008-4342 9.3
NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attacke
31-08-2011 - 00:00 30-09-2008 - 13:22
CVE-2007-5300 5.0
Off-by-one error in the do_login_loop function in libwzd-core/wzd_login.c in wzdftpd 0.8.0, 0.8.2, and possibly other versions allows remote attackers to cause a denial of service (daemon crash) via a long USER command that triggers a stack-based buf
30-08-2011 - 00:00 09-10-2007 - 14:17
CVE-2008-1358 6.5
Stack-based buffer overflow in the IMAP server in Alt-N Technologies MDaemon 9.6.4 allows remote authenticated users to execute arbitrary code via a FETCH command with a long BODY.
10-08-2011 - 00:00 17-03-2008 - 13:44
CVE-2007-1735 9.3
Stack-based buffer overflow in Corel WordPerfect Office X3 (13.0.0.565) allows user-assisted remote attackers to execute arbitrary code via a long printer selection (PRS) name in a Wordperfect document.
04-08-2011 - 00:00 28-03-2007 - 18:19
CVE-2008-0234 9.3
Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404
04-08-2011 - 00:00 10-01-2008 - 21:46
CVE-2008-4114 7.1
srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact vi
04-08-2011 - 00:00 16-09-2008 - 19:00
CVE-2007-6478 6.8
Stack-based buffer overflow in Rosoft Media Player 4.1.7, 4.1.8, and possibly earlier versions allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a .M3U file. NOTE: some of these de
02-08-2011 - 00:00 20-12-2007 - 15:46
CVE-2008-1697 10.0
Stack-based buffer overflow in ovwparser.dll in HP OpenView Network Node Manager (OV NNM) 7.53, 7.51, and earlier allows remote attackers to execute arbitrary code via a long URI in an HTTP request processed by ovas.exe, as demonstrated by a certain
02-08-2011 - 00:00 08-04-2008 - 13:05
CVE-2009-2479 7.8
Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-bas
02-08-2011 - 00:00 16-07-2009 - 11:30
CVE-2008-1472 9.3
Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows r
01-08-2011 - 00:00 24-03-2008 - 18:44
CVE-2008-3704 9.3
Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP
01-08-2011 - 00:00 18-08-2008 - 15:41
CVE-2011-2963 10.0
TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service
01-08-2011 - 00:00 29-07-2011 - 15:55
CVE-2007-2356 6.8
Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file.
28-07-2011 - 00:00 30-04-2007 - 18:19
CVE-2008-1478 5.0
Home FTP Server 1.4.5.89 allows remote attackers to cause a denial of service (crash) by opening a FTP passive mode connection, then closing the original FTP connection. NOTE: some of these details are obtained from third party information.
25-07-2011 - 00:00 24-03-2008 - 18:44
CVE-2010-3765 9.3
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related
25-07-2011 - 00:00 27-10-2010 - 20:00
CVE-2010-4091 9.3
The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF
25-07-2011 - 00:00 07-11-2010 - 17:00
CVE-2010-3131 9.3
Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbit
20-07-2011 - 00:00 26-08-2010 - 14:36
CVE-2010-3145 9.3
Untrusted search path vulnerability in the BitLocker Drive Encryption API, as used in sdclt.exe in Backup Manager in Microsoft Windows Vista SP1 and SP2, allows local users to gain privileges via a Trojan horse fveapi.dll file in the current working
20-07-2011 - 00:00 27-08-2010 - 15:00
CVE-2010-3133 9.3
Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly
19-07-2011 - 00:00 26-08-2010 - 14:36
CVE-2011-0489 7.5
The server components in Objectivity/DB 10.0 do not require authentication for administrative commands, which allows remote attackers to modify data, obtain sensitive information, or cause a denial of service by sending requests over TCP to (1) the L
19-07-2011 - 00:00 18-01-2011 - 13:03
CVE-2010-4398 7.2
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain
18-07-2011 - 22:41 06-12-2010 - 08:44
CVE-2010-3973 9.3
The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted argument to the AddContextRef met
18-07-2011 - 22:41 23-12-2010 - 13:00
CVE-2010-3972 10.0
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a den
18-07-2011 - 22:41 23-12-2010 - 13:00
CVE-2010-3971 9.3
Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code
18-07-2011 - 22:40 22-12-2010 - 16:00
CVE-2010-3396 7.2
Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004. NOTE: some of these details are obtained from third party information.
18-07-2011 - 22:39 15-09-2010 - 14:00
CVE-2010-3227 9.3
Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows
18-07-2011 - 22:39 26-10-2010 - 18:00
CVE-2010-3142 9.3
Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder
18-07-2011 - 22:39 27-08-2010 - 15:00
CVE-2010-3140 9.3
Untrusted search path vulnerability in Microsoft Windows Internet Communication Settings on Windows XP SP3 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll
18-07-2011 - 22:39 27-08-2010 - 15:00
CVE-2010-3139 9.3
Untrusted search path vulnerability in Microsoft Windows Progman Group Converter (grpconv.exe) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse imm.dll that is located i
18-07-2011 - 22:39 27-08-2010 - 15:00
CVE-2010-3137 9.3
Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located
18-07-2011 - 22:39 26-08-2010 - 14:36
CVE-2010-3136 9.3
Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .sk
18-07-2011 - 22:39 26-08-2010 - 14:36
CVE-2010-3132 9.3
Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (
18-07-2011 - 22:39 26-08-2010 - 14:36
CVE-2010-3130 9.3
Untrusted search path vulnerability in TechSmith Snagit 10 (Build 788) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as
18-07-2011 - 22:39 26-08-2010 - 14:36
CVE-2010-3128 9.3
Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as
18-07-2011 - 22:39 26-08-2010 - 14:36
CVE-2010-3127 9.3
Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or Wintab32.dll that is located in the
18-07-2011 - 22:39 26-08-2010 - 14:36
CVE-2010-3126 9.3
Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in
18-07-2011 - 22:39 26-08-2010 - 14:36
CVE-2010-3124 9.3
Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located i
18-07-2011 - 22:39 26-08-2010 - 14:36
CVE-2009-2655 4.3
mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one a
18-07-2011 - 22:29 03-08-2009 - 10:30
CVE-2009-2433 4.3
Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument.
18-07-2011 - 22:28 10-07-2009 - 17:00
CVE-2010-3129 9.3
Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse plugin_dll.dll, userenv.dll, shfolder.dll, dnsapi.dll,
18-07-2011 - 00:00 26-08-2010 - 14:36
CVE-2010-3144 9.3
Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demon
18-07-2011 - 00:00 27-08-2010 - 15:00
CVE-2010-3653 9.3
The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose va
18-07-2011 - 00:00 26-10-2010 - 14:00
CVE-2006-5559 9.3
The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when
11-07-2011 - 00:00 27-10-2006 - 12:07
CVE-2011-2641 5.0
Opera 11.11 allows remote attackers to cause a denial of service (application crash) by setting the FACE attribute of a FONT element within an IFRAME element after changing the SRC attribute of this IFRAME element to an about:blank value.
05-07-2011 - 00:00 01-07-2011 - 06:55
CVE-2009-3023 9.3
Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption,
24-06-2011 - 00:00 31-08-2009 - 16:30
CVE-2009-3103 10.0
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (syste
24-06-2011 - 00:00 08-09-2009 - 18:30
CVE-2007-3400 9.3
The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as distributed in NCTAudioEditor and NCTAudioStudio 2.7, allows remote attackers to overwrite arbitrary files via the CreateFile method.
20-06-2011 - 00:00 26-06-2007 - 13:30
CVE-2007-6506 9.3
The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method,
20-06-2011 - 00:00 20-12-2007 - 18:46
CVE-2006-3942 7.8
The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, w
14-06-2011 - 00:00 31-07-2006 - 19:04
CVE-2006-5725 5.0
The SSL server in AEP Smartgate 4.3b allows remote attackers to determine existence of directories via a direct request for a directory URI, which returns different HTTP status codes for existing and non-existing directories.
13-06-2011 - 00:00 03-11-2006 - 20:07
CVE-2011-2089 9.3
Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitra
26-05-2011 - 00:00 13-05-2011 - 13:05
CVE-2011-0959 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName par
24-05-2011 - 00:00 20-05-2011 - 18:55
CVE-2011-0960 7.5
Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceRe
24-05-2011 - 00:00 20-05-2011 - 18:55
CVE-2011-0962 4.3
Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML vi
24-05-2011 - 00:00 20-05-2011 - 18:55
CVE-2011-0966 6.8
Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto355
24-05-2011 - 00:00 20-05-2011 - 18:55
CVE-2008-0457 10.0
Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP
19-05-2011 - 00:00 07-02-2008 - 16:00
CVE-2007-2217 9.3
Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF)
29-04-2011 - 00:00 09-10-2007 - 18:17
CVE-2007-3901 8.5
Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file.
18-04-2011 - 00:00 11-12-2007 - 19:46
CVE-2006-6561 9.3
Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a d
12-04-2011 - 00:00 14-12-2006 - 13:28
CVE-2006-5784 4.6
Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: th
07-04-2011 - 00:00 07-11-2006 - 18:07
CVE-2008-1084 7.2
Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: i
28-03-2011 - 00:00 08-04-2008 - 19:05
CVE-2006-5728 4.0
XM Easy Personal FTP Server 5.2.1 and earlier allows remote authenticated users to cause a denial of service via a long argument to the NLST command, possibly involving the -al flags.
08-03-2011 - 00:00 06-11-2006 - 12:07
CVE-2009-0658 9.3
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as expl
07-03-2011 - 22:18 20-02-2009 - 14:30
CVE-2009-0491 9.3
Stack-based buffer overflow in Elecard MPEG Player 5.5 build 15884.081218 allows remote attackers to execute arbitrary code via a M3U file containing a long URL.
07-03-2011 - 22:18 09-02-2009 - 20:30
CVE-2009-0490 9.3
Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrar
07-03-2011 - 22:18 09-02-2009 - 20:30
CVE-2009-0476 9.3
Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 and 7.11.2.7, as distributed in multiple MultiMedia Soft audio components for .NET, allows remote attackers to execute arbitrary code via a long string in a playlist (.pls) file, a
07-03-2011 - 22:18 08-02-2009 - 16:30
CVE-2009-0388 10.0
Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a m
07-03-2011 - 22:18 04-02-2009 - 14:30
CVE-2009-0351 9.0
Stack-based buffer overflow in WFTPSRV.exe in WinFTP 2.3.0 allows remote authenticated users to execute arbitrary code via a long LIST argument beginning with an * (asterisk) character.
07-03-2011 - 22:18 29-01-2009 - 14:30
CVE-2009-0262 9.3
Stack-based buffer overflow in Triologic Media Player 7 and 8.0.0.0 allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3u playlist file. NOTE: some of these details are obtained from third party information.
07-03-2011 - 22:18 23-01-2009 - 14:00
CVE-2009-0183 10.0
Stack-based buffer overflow in Remote Control Server in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allows remote attackers to execute arbitrary code via a long Authorization header in an HTTP request.
07-03-2011 - 22:18 03-02-2009 - 14:30
CVE-2008-6186 9.0
Stack-based buffer overflow in RaidenFTPD 2.4 build 3620 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via long (1) CWD and (2) MLST commands.
07-03-2011 - 22:15 19-02-2009 - 13:30
CVE-2008-6185 5.0
NoticeWare Email Server NG 5.1.2.2 allows remote attackers to cause a denial of service (crash) via multiple POP3 requests with a long PASS command.
07-03-2011 - 22:15 19-02-2009 - 13:30
CVE-2008-5756 9.3
Buffer overflow in BreakPoint Software Hex Workshop 5.1.4 allows user-assisted attackers to cause a denial of service and possibly execute arbitrary code via a long mapping reference in a Color Mapping (.cmap) file.
07-03-2011 - 22:15 30-12-2008 - 12:30
CVE-2008-5666 3.5
WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows remote authenticated users to cause a denial of service via a sequence of FTP sessions that include an invalid "NLST -1" command.
07-03-2011 - 22:14 18-12-2008 - 20:52
CVE-2008-5664 9.3
Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound Manager, RtlRack, or rtlrack.exe) 1.15.0.0 allows remote attackers to execute arbitrary code via a crafted playlist (PLA) file.
07-03-2011 - 22:14 18-12-2008 - 20:52
CVE-2008-5626 4.0
XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to cause a denial of service via a crafted argument to the NLST command, as demonstrated by a -1 argument.
07-03-2011 - 22:14 17-12-2008 - 12:30
CVE-2008-5405 9.3
Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string.
07-03-2011 - 22:14 10-12-2008 - 01:44
CVE-2008-5178 9.3
Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI. NOTE: this might overlap CVE-2008-5680.
07-03-2011 - 22:14 20-11-2008 - 10:30
CVE-2008-5002 9.3
Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote attackers to create and overwrite arbitrary files via the WriteFile method. NOTE: this co
07-03-2011 - 22:13 10-11-2008 - 09:12
CVE-2008-4922 9.3
Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office (DjVu_ActiveX_MSOffice.dll) allows remote attackers to execute arbitrary code via a long (1) ImageURL property, and possibly the (2) Mode, (3) Page, or (4) Zoom properties.
07-03-2011 - 22:13 04-11-2008 - 16:00
CVE-2008-4841 9.3
The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corrupti
07-03-2011 - 22:13 10-12-2008 - 09:00
CVE-2008-4779 10.0
Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers to denial of service (crash) or execute arbitrary code via a long filename in a .zip file.
07-03-2011 - 22:13 29-10-2008 - 10:22
CVE-2008-4771 9.3
Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.
07-03-2011 - 22:13 28-10-2008 - 15:20
CVE-2008-4762 9.0
Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authenticated users to cause a denial of service (service crash) and potentially execute arbitrary code via a long argument to the (1) rename and (2) realpath parameters.
07-03-2011 - 22:13 27-10-2008 - 22:00
CVE-2008-4748 7.6
Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string
07-03-2011 - 22:13 27-10-2008 - 16:00
CVE-2008-4728 9.3
Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsyn
07-03-2011 - 22:12 23-10-2008 - 20:00
CVE-2008-4726 9.0
Stack-based buffer overflow in the SFTP subsystem in GoodTech SSH 6.4 allows remote authenticated users to execute arbitrary code via a long string to the (1) open (aka SSH_FXP_OPEN), (2) unlink, (3) opendir, and other unspecified parameters.
07-03-2011 - 22:12 23-10-2008 - 20:00
CVE-2008-4725 4.3
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a diffe
07-03-2011 - 22:12 23-10-2008 - 18:00
CVE-2008-4696 4.3
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the His
07-03-2011 - 22:12 23-10-2008 - 18:00
CVE-2008-4572 10.0
GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the CWD and LIST commands, which triggers heap corruption related to an improper f
07-03-2011 - 22:12 15-10-2008 - 16:00
CVE-2008-4501 9.0
Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command.
07-03-2011 - 22:12 08-10-2008 - 20:00
CVE-2008-4500 4.0
Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1".
07-03-2011 - 22:12 08-10-2008 - 20:00
CVE-2008-4472 9.3
The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPat
07-03-2011 - 22:12 07-10-2008 - 16:00
CVE-2008-4471 9.3
Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files
07-03-2011 - 22:12 07-10-2008 - 16:00
CVE-2008-4470 9.3
Stack-based buffer overflow in Numark CUE 5.0 rev2 allows user-assisted attackers to cause a denial of service (application crash) or execute arbitrary code via an M3U playlist file that contains a long absolute pathname.
07-03-2011 - 22:12 06-10-2008 - 20:31
CVE-2008-4453 9.3
The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite
07-03-2011 - 22:12 06-10-2008 - 19:25
CVE-2008-4449 9.3
Stack-based buffer overflow in mIRC 6.34 allows remote attackers to execute arbitrary code via a long hostname in a PRIVMSG message.
07-03-2011 - 22:12 06-10-2008 - 15:56
CVE-2008-4421 7.8
Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably other versions before 1.0.3.38, allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the URL.
07-03-2011 - 22:12 07-10-2008 - 16:00
CVE-2008-4363 7.2
DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) or potentially execute arbitrary code via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, probably related to use o
07-03-2011 - 22:12 30-09-2008 - 19:24
CVE-2008-4362 4.9
The Virtual Token driver (vdlptokn.sys) 1.0.2.43 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) via a crafted IOCTL request to \Device\DLPTokenWalter0.
07-03-2011 - 22:12 30-09-2008 - 19:24
CVE-2008-4243 7.8
Directory traversal vulnerability in ImageServer (aka UTImageServer) in WebAdmin before 1.7 for Epic Games Unreal Tournament 3 (UT3) 1.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
07-03-2011 - 22:12 25-09-2008 - 15:25
CVE-2008-3892 10.0
Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 1
07-03-2011 - 22:11 03-09-2008 - 10:12
CVE-2008-3578 5.0
HydraIRC 0.3.164 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long irc:// URI.
07-03-2011 - 22:11 10-08-2008 - 17:41
CVE-2008-3529 10.0
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
07-03-2011 - 22:10 12-09-2008 - 12:56
CVE-2008-3480 9.3
Stack-based buffer overflow in the Anzio Web Print Object (WePO) ActiveX control 3.2.19 and 3.2.24, as used in Anzio Print Wizard, allows remote attackers to execute arbitrary code via a long mainurl parameter.
07-03-2011 - 22:10 29-08-2008 - 13:41
CVE-2008-3464 7.2
afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a cra
07-03-2011 - 22:10 14-10-2008 - 20:12
CVE-2008-3408 6.8
Stack-based buffer overflow in CoolPlayer 2.18, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a crafted m3u file.
07-03-2011 - 22:10 31-07-2008 - 13:41
CVE-2008-3364 9.3
Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CS
07-03-2011 - 22:10 30-07-2008 - 12:41
CVE-2008-3360 9.3
Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 allows remote attackers to execute arbitrary code via a long URL in the HREF attribute of an A element, a different vulnerability than CVE-2006-2494.
07-03-2011 - 22:10 29-07-2008 - 14:41
CVE-2008-3269 5.0
WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and Full 2008 allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet to TCP port 4321.
07-03-2011 - 22:10 24-07-2008 - 11:41
CVE-2008-3257 10.0
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after
07-03-2011 - 22:10 22-07-2008 - 12:41
CVE-2008-3242 10.0
Heap-based buffer overflow in the PPMedia Class ActiveX control in PPMPlayer.dll in PPMate 2.3.1.93 allows remote attackers to execute arbitrary code via a long argument to the StartUrl method. NOTE: some of these details are obtained from third par
07-03-2011 - 22:10 21-07-2008 - 12:41
CVE-2008-3182 9.3
Stack-based buffer overflow in DAP.exe in Download Accelerator Plus (DAP) 7.0.1.3, 8.6.6.3, and other 8.x versions allows user-assisted remote attackers to execute arbitrary code via an M3U (.m3u) file containing a long MP3 URL.
07-03-2011 - 22:10 15-07-2008 - 14:41
CVE-2008-3156 9.3
The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method.
07-03-2011 - 22:10 11-07-2008 - 18:41
CVE-2008-3155 9.3
Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method.
07-03-2011 - 22:10 11-07-2008 - 18:41
CVE-2008-2745 9.3
Stack-based buffer overflow in BiAnno ActiveX Control (BiAnno.ocx) in Black Ice Software Annotation Plugin 10.95 allows remote attackers to execute arbitrary code via a long parameter to the AnnoSaveToTiff method.
07-03-2011 - 22:09 17-06-2008 - 11:41
CVE-2008-2684 9.3
The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via long strings in the two arguments to the DownloadImageFileURL method, which trigger memory corruption. NO