Max CVSS 10.0 Min CVSS 2.1 Total Count121
IDCVSSSummaryLast (major) updatePublished
CVE-2017-8464 9.3
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers t
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-1092 10.0
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.
22-05-2017 - 16:29 22-05-2017 - 16:29
CVE-2017-5982 5.0
Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.
02-03-2017 - 21:59 28-02-2017 - 13:59
CVE-2008-1309 9.3
The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1
19-02-2017 - 00:21 12-03-2008 - 13:44
CVE-2016-10045 7.5
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal esca
25-01-2017 - 21:59 30-12-2016 - 14:59
CVE-2016-10033 7.5
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
25-01-2017 - 21:59 30-12-2016 - 14:59
CVE-2014-0224 6.8
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL
18-01-2017 - 21:59 05-06-2014 - 17:55
CVE-2013-1710 10.0
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript c
06-01-2017 - 21:59 06-08-2013 - 21:55
CVE-2016-7456 10.0
VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.
03-01-2017 - 13:43 29-12-2016 - 04:59
CVE-2015-0235 10.0
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 fu
02-01-2017 - 21:59 28-01-2015 - 14:59
CVE-2015-0096 9.3
Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to
02-01-2017 - 21:59 11-03-2015 - 06:59
CVE-2015-0002 7.2
The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not verify
02-01-2017 - 21:59 13-01-2015 - 17:59
CVE-2014-7285 6.5
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.
02-01-2017 - 21:59 17-12-2014 - 11:59
CVE-2014-6593 4.0
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
02-01-2017 - 21:59 21-01-2015 - 10:28
CVE-2013-4988 9.3
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details are obtained from third party information.
30-12-2016 - 21:59 13-12-2013 - 13:07
CVE-2015-5889 7.2
rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables.
23-12-2016 - 21:59 09-10-2015 - 01:59
CVE-2015-2342 10.0
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.
07-12-2016 - 22:07 12-10-2015 - 06:59
CVE-2015-8562 7.5
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
07-12-2016 - 13:28 16-12-2015 - 16:59
CVE-2015-7297 7.5
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858.
07-12-2016 - 13:23 29-10-2015 - 16:59
CVE-2016-2203 2.1
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.
02-12-2016 - 22:24 22-04-2016 - 14:59
CVE-2013-3623 10.0
Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execu
28-11-2016 - 14:09 10-12-2013 - 11:11
CVE-2009-0978 5.5
Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0975.
22-11-2016 - 11:16 15-04-2009 - 06:30
CVE-2013-4984 7.2
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.
08-11-2016 - 09:00 10-09-2013 - 07:28
CVE-2013-1347 9.3
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
19-10-2016 - 13:55 05-05-2013 - 07:07
CVE-2005-4134 5.0
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not
17-10-2016 - 23:38 09-12-2005 - 10:03
CVE-2004-1316 5.0
Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which
17-10-2016 - 22:53 29-12-2004 - 00:00
CVE-2004-0397 7.5
Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.
17-10-2016 - 22:45 07-07-2004 - 00:00
CVE-2001-0241 10.0
Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.
17-10-2016 - 22:10 27-06-2001 - 00:00
CVE-1999-1510 7.5
Buffer overflows in Bisonware FTP server prior to 4.1 allow remote attackers to cause a denial of service, and possibly execute arbitrary commands, via long (1) USER, (2) LIST, or (3) CWD commands.
17-10-2016 - 22:05 17-05-1999 - 00:00
CVE-2000-0322 10.0
The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters.
16-09-2016 - 21:59 24-04-2000 - 00:00
CVE-2011-0923 10.0
The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."
22-08-2016 - 22:03 08-02-2011 - 20:00
CVE-2010-0840 7.5
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
22-08-2016 - 22:00 01-04-2010 - 12:30
CVE-2012-0549 7.5
Unspecified vulnerability in the Oracle AutoVue Office component in Oracle Supply Chain Products Suite 20.1.1 allows remote attackers to affect confidentiality, integrity, and availability, related to Desktop API.
18-05-2016 - 13:35 03-05-2012 - 14:55
CVE-2014-3704 7.5
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
31-03-2016 - 13:36 15-10-2014 - 20:55
CVE-2015-3628 9.0
The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP AAM 11.4.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP Edge Gateway, WebAccelerator, and WO
08-12-2015 - 16:03 07-12-2015 - 15:59
CVE-2015-7602 7.8
Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command.
13-10-2015 - 12:52 29-09-2015 - 15:59
CVE-2013-0928 9.3
The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation.
13-10-2015 - 12:33 21-01-2013 - 16:55
CVE-2013-0229 7.8
The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.
08-10-2015 - 10:34 31-01-2013 - 16:55
CVE-2014-3828 10.0
Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter
31-08-2015 - 14:25 22-10-2014 - 21:55
CVE-2014-0784 8.3
Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.
05-08-2015 - 11:51 14-03-2014 - 06:55
CVE-2014-8517 7.5
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an H
05-02-2015 - 13:18 17-11-2014 - 11:59
CVE-2014-8270 5.0
BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset.
12-12-2014 - 15:38 12-12-2014 - 06:59
CVE-2014-5445 5.0
Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to th
05-12-2014 - 08:50 04-12-2014 - 12:59
CVE-2014-3829 10.0
displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable.
23-10-2014 - 12:30 22-10-2014 - 21:55
CVE-2013-2465 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-1488 10.0
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the
04-10-2014 - 01:04 08-03-2013 - 13:55
CVE-2012-5076 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
04-10-2014 - 00:57 16-10-2012 - 17:55
CVE-2012-1675 7.5
The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attacke
08-09-2014 - 13:57 08-05-2012 - 18:55
CVE-2012-5192 5.0
Directory traversal vulnerability in gmap/view_overlay.php in Bitweaver 2.8.1 and earlier allows remote attackers to read arbitrary files via "''%2F" (dot dot encoded slash) sequences in the overlay_type parameter.
21-02-2014 - 14:49 27-01-2014 - 19:55
CVE-2013-0632 10.0
administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to ac
17-01-2014 - 00:12 16-01-2013 - 19:55
CVE-2009-4140 7.5
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_global
12-12-2013 - 23:32 22-12-2009 - 17:30
CVE-2013-3346 10.0
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, C
02-11-2013 - 23:32 30-08-2013 - 16:55
CVE-2012-3993 9.3
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallT
02-11-2013 - 23:26 10-10-2012 - 13:55
CVE-2012-3752 9.3
Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime TeXML file.
02-11-2013 - 23:26 09-11-2012 - 14:55
CVE-2012-3815 9.3
Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 46824. NOTE: some of these details are obtained
10-10-2013 - 16:29 27-06-2012 - 17:55
CVE-2013-4983 10.0
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
09-10-2013 - 10:51 10-09-2013 - 07:28
CVE-2012-3569 9.3
Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.
17-08-2013 - 02:47 14-11-2012 - 07:30
CVE-2010-0219 10.0
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by u
09-05-2013 - 23:14 18-10-2010 - 13:00
CVE-2012-4956 10.0
Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary code via a large number of VOL elements in an SRS record.
02-05-2013 - 23:25 18-11-2012 - 14:55
CVE-2012-2288 9.3
Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message.
05-03-2013 - 23:59 04-09-2012 - 07:04
CVE-2012-6274 5.0
BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors.
26-02-2013 - 00:00 24-02-2013 - 06:48
CVE-2012-0439 9.3
An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to
25-02-2013 - 00:00 23-02-2013 - 23:37
CVE-2012-5975 9.3
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to byp
05-12-2012 - 00:00 04-12-2012 - 18:55
CVE-2012-4959 10.0
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.
19-11-2012 - 14:24 18-11-2012 - 14:55
CVE-2011-5227 10.0
Stack-based buffer overflow in the Syslog service (nssyslogd.exe) in Enterasys Network Management Suite (NMS) before 4.1.0.80 allows remote attackers to execute arbitrary code via a long PRIO field in a message to UDP port 514.
26-10-2012 - 00:00 25-10-2012 - 13:55
CVE-2010-0866 6.5
Unspecified vulnerability in the JavaVM component in Oracle Database 11.1.0.7 and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
22-10-2012 - 23:20 13-04-2010 - 18:30
CVE-2008-2463 6.8
The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine
12-09-2012 - 22:29 07-07-2008 - 19:41
CVE-2008-0610 9.3
Stack-based buffer overflow in the ClientConnection::NegotiateProtocolVersion function in vncviewer/ClientConnection.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allows remote att
13-08-2012 - 22:37 06-02-2008 - 07:00
CVE-2012-3811 10.0
Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attacke
17-07-2012 - 00:00 03-07-2012 - 15:55
CVE-2012-0299 10.0
The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors.
22-05-2012 - 00:00 21-05-2012 - 16:55
CVE-2012-0708 9.3
Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web pa
23-04-2012 - 00:00 22-04-2012 - 14:55
CVE-2011-3322 10.0
Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon SCADA 1.06, and other versions before 1.14, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password to the Telnet (TCP/
13-02-2012 - 23:08 15-09-2011 - 13:58
CVE-2011-1774 8.8
WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425.
13-02-2012 - 23:06 21-07-2011 - 19:55
CVE-2011-1213 9.3
Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ
26-01-2012 - 22:58 31-05-2011 - 16:55
CVE-2011-5052 6.8
Stack-based buffer overflow in CoCSoft Stream Down 6.8.0 allows remote web servers to execute arbitrary code via a long response to a download request.
05-01-2012 - 10:07 04-01-2012 - 14:55
CVE-2011-4825 7.5
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject a
15-12-2011 - 13:03 14-12-2011 - 22:57
CVE-2011-4542 7.5
Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI.
01-12-2011 - 00:00 29-11-2011 - 23:05
CVE-2011-1220 9.0
Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 allows remote authenticated users to execute arbitrary code via a long opts field.
21-09-2011 - 23:29 02-06-2011 - 16:55
CVE-2010-2709 9.3
Stack-based buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long OvJavaLocale value in a cookie.
21-09-2011 - 23:22 05-08-2010 - 14:17
CVE-2010-0480 9.3
Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a craft
21-09-2011 - 23:17 14-04-2010 - 12:00
CVE-2008-2703 10.0
Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client before 2.0.3 HP1 for Windows allow remote attackers to execute arbitrary code via "spoofed server responses" that contain a long string after the NM_A_SZ_TRANSACTION_ID
06-09-2011 - 00:00 13-06-2008 - 15:41
CVE-2007-6166 9.3
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Conten
04-08-2011 - 00:00 28-11-2007 - 20:46
CVE-2007-0348 9.3
Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in (1) InterActual Player 2.60.12.0717, (2) Roxio CinePlayer 3.2, (3) WinDVD 7.0.27.172, and possibly other products, allows remote attackers to execute arbitrary code via a long App
01-08-2011 - 00:00 21-03-2007 - 15:19
CVE-2009-4098 6.0
Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote authenticated users with banner / file upload permissions to execute arbitrary code by uploading a file with an executable extension, then acc
25-07-2011 - 00:00 29-11-2009 - 08:08
CVE-2009-3023 9.3
Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption,
24-06-2011 - 00:00 31-08-2009 - 16:30
CVE-2006-0298 5.8
The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read.
25-05-2011 - 00:00 02-02-2006 - 17:02
CVE-2009-0476 9.3
Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 and 7.11.2.7, as distributed in multiple MultiMedia Soft audio components for .NET, allows remote attackers to execute arbitrary code via a long string in a playlist (.pls) file, a
07-03-2011 - 22:18 08-02-2009 - 16:30
CVE-2008-2551 9.3
The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6 Messenger 1.0.0.1 allows remote attackers to force the download and execution of arbitrary files via a URL in the propDownloadUrl parameter with the propPostDownloadAction paramete
07-03-2011 - 22:09 04-06-2008 - 19:32
CVE-2007-6530 9.3
Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long a
07-03-2011 - 22:03 27-12-2007 - 17:46
CVE-2007-6377 7.5
Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string.
07-03-2011 - 22:02 14-12-2007 - 20:46
CVE-2007-3068 6.8
Stack-based buffer overflow in DVD X Player 4.1 Professional allows remote attackers to execute arbitrary code via a PLF playlist containing a long filename.
07-03-2011 - 21:55 05-06-2007 - 21:30
CVE-2006-5216 7.5
Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI.
07-03-2011 - 21:42 10-10-2006 - 00:06
CVE-2006-0992 10.0
Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accide
07-03-2011 - 21:31 14-04-2006 - 06:02
CVE-2006-0564 7.5
Stack-based buffer overflow in Microsoft HTML Help Workshop 4.74.8702.0, and possibly earlier versions, and as included in the Microsoft HTML Help 1.4 SDK, allows context-dependent attackers to execute arbitrary code via a .hhp file with a long Conte
07-03-2011 - 21:30 06-02-2006 - 18:02
CVE-2006-0476 7.6
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).
07-03-2011 - 21:30 31-01-2006 - 06:03
CVE-2006-0441 7.5
Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed.
07-03-2011 - 21:30 26-01-2006 - 17:03
CVE-2006-0299 6.4
The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange info
07-03-2011 - 21:29 02-02-2006 - 18:06
CVE-2006-0297 5.1
Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSu
07-03-2011 - 21:29 02-02-2006 - 17:02
CVE-2006-0296 5.0
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf fil
07-03-2011 - 21:29 02-02-2006 - 15:06
CVE-2006-0295 5.1
Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory
07-03-2011 - 21:29 02-02-2006 - 15:06
CVE-2006-0294 7.5
Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to o
07-03-2011 - 21:29 02-02-2006 - 15:06
CVE-2006-0293 7.5
The function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that opera
07-03-2011 - 21:29 02-02-2006 - 15:06
CVE-2006-0292 7.5
The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garb
07-03-2011 - 21:29 02-02-2006 - 15:06
CVE-2009-3844 10.0
Stack-based buffer overflow in the OmniInet process in HP OpenView Data Protector Application Recovery Manager 5.50 and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted MSG_PROTOCOL packet.
29-12-2010 - 00:00 08-12-2009 - 18:30
CVE-2010-0304 7.5
Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the
21-08-2010 - 01:39 03-02-2010 - 13:30
CVE-2009-1136 9.3
The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Micro
21-08-2010 - 00:00 15-07-2009 - 11:30
CVE-2010-2309 7.5
Buffer overflow in the web server for EvoLogical EvoCam 3.6.6 and 3.6.7 allows remote attackers to execute arbitrary code via a long GET request.
17-06-2010 - 00:00 16-06-2010 - 16:30
CVE-2009-4179 10.0
Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Accept-Language header in an OVABverbose action.
23-12-2009 - 01:59 10-12-2009 - 17:30
CVE-2009-1568 9.3
Stack-based buffer overflow in ienipp.ocx in Novell iPrint Client 5.30, and possibly other versions before 5.32, allows remote attackers to execute arbitrary code via a long target-frame parameter.
09-12-2009 - 00:00 08-12-2009 - 18:30
CVE-2009-2685 10.0
Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.
09-11-2009 - 00:00 06-11-2009 - 10:30
CVE-2008-0506 6.8
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angl
11-09-2009 - 00:00 31-01-2008 - 15:00
CVE-2008-5492 9.3
Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX control in pdfview.ocx 2.0.0.1 in VeryDOC PDF Viewer OCX Control allows remote attackers to execute arbitrary code via a long first argument to the OpenPDF method. NOTE: some of these d
12-08-2009 - 01:22 12-12-2008 - 11:30
CVE-2008-5711 9.3
Heap-based buffer overflow in the Facebook PhotoUploader ActiveX control 5.0.14.0 and earlier allows remote attackers to execute arbitrary code via a long FileMask property value.
29-01-2009 - 02:00 24-12-2008 - 13:29
CVE-2000-0284 7.5
Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
10-09-2008 - 15:04 16-04-2000 - 00:00
CVE-2000-0248 10.0
The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor password that allows remote attackers to execute arbitrary commands.
10-09-2008 - 15:03 24-04-2000 - 00:00
CVE-2000-0380 7.1
The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string.
10-09-2008 - 00:00 26-04-2000 - 00:00
CVE-2006-2212 6.4
Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows remote attackers to execute arbitrary code via a long (1) USER or (2) PASS command.
05-09-2008 - 17:03 05-05-2006 - 08:46
CVE-2006-1016 7.5
Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote attackers to execute arbitrary code via JavaScript that calls IsComponentInstalled with a long f
05-09-2008 - 17:00 06-03-2006 - 19:02
CVE-2002-2268 9.4
Buffer overflow in Webster HTTP Server allows remote attackers to execute arbitrary code via a long URL.
05-09-2008 - 16:32 31-12-2002 - 00:00
CVE-2000-1089 10.0
Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.
05-09-2008 - 16:22 09-01-2001 - 00:00
CVE-1999-1053 7.5
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allo
05-09-2008 - 16:18 13-09-1999 - 00:00
Back to Top Mark selected
Back to Top