Max CVSS 10.0 Min CVSS 2.1 Total Count98
IDCVSSSummaryLast (major) updatePublished
CVE-2018-17936 7.5
NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configuration files to the server, which could allow remote code execution.
27-11-2018 - 15:29 27-11-2018 - 15:29
CVE-2018-16509 9.3
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instr
05-09-2018 - 02:29 05-09-2018 - 02:29
CVE-2018-10900 7.2
Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an
26-07-2018 - 11:29 26-07-2018 - 11:29
CVE-2018-10594 7.5
Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can
26-06-2018 - 16:29 26-06-2018 - 16:29
CVE-2017-0372 7.5
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
13-04-2018 - 12:29 13-04-2018 - 12:29
CVE-2017-12557 10.0
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.
15-02-2018 - 17:29 15-02-2018 - 17:29
CVE-2017-2741 10.0
A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code.
23-01-2018 - 11:29 23-01-2018 - 11:29
CVE-2017-18047 7.5
Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply.
21-01-2018 - 23:29 21-01-2018 - 23:29
CVE-2017-17560 10.0
An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used
12-12-2017 - 13:29 12-12-2017 - 13:29
CVE-2017-15944 7.5
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.
11-12-2017 - 12:29 11-12-2017 - 12:29
CVE-2017-16524 6.5
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, wh
06-11-2017 - 03:29 06-11-2017 - 03:29
CVE-2017-12477 10.0
It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary command
07-08-2017 - 11:29 07-08-2017 - 11:29
CVE-2017-7442 6.8
Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences.
03-08-2017 - 04:29 03-08-2017 - 04:29
CVE-2017-9769 10.0
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process.
02-08-2017 - 15:29 02-08-2017 - 15:29
CVE-2017-8869 6.8
Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to execute arbitrary code via a crafted .m3u file.
27-07-2017 - 09:29 27-07-2017 - 09:29
CVE-2017-6326 10.0
The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.
26-06-2017 - 17:29 26-06-2017 - 17:29
CVE-2017-8464 9.3
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers t
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-9462 9.0
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.
06-06-2017 - 17:29 06-06-2017 - 17:29
CVE-2017-9080 6.5
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection.
19-05-2017 - 11:29 19-05-2017 - 11:29
CVE-2017-8917 7.5
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
17-05-2017 - 19:29 17-05-2017 - 19:29
CVE-2017-5638 10.0
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a
09-05-2017 - 21:29 10-03-2017 - 21:59
CVE-2017-3622 7.2
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment (CDE)). The supported version that is affected is 10. Easily "exploitable" vulnerability allows low privileged attacker with logon t
01-05-2017 - 12:18 24-04-2017 - 15:59
CVE-2017-3881 10.0
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privi
06-04-2017 - 21:59 17-03-2017 - 18:59
CVE-2017-6510 5.0
Easy File Sharing FTP Server version 3.6 is vulnerable to a directory traversal vulnerability which allows an attacker to list and download any file from any folder outside the FTP root Directory.
20-03-2017 - 21:59 16-03-2017 - 10:59
CVE-2016-10033 7.5
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
25-01-2017 - 21:59 30-12-2016 - 14:59
CVE-2013-1710 10.0
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript c
06-01-2017 - 21:59 06-08-2013 - 21:55
CVE-2015-1635 10.0
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerabilit
02-01-2017 - 21:59 14-04-2015 - 16:59
CVE-2015-0096 9.3
Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to
02-01-2017 - 21:59 11-03-2015 - 06:59
CVE-2013-6282 7.2
The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a craft
02-01-2017 - 21:59 20-11-2013 - 08:19
CVE-2013-4730 10.0
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
30-12-2016 - 21:59 15-05-2014 - 10:55
CVE-2013-2028 7.5
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which t
30-12-2016 - 21:59 19-07-2013 - 23:37
CVE-2015-2342 10.0
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.
07-12-2016 - 22:07 12-10-2015 - 06:59
CVE-2013-6935 9.3
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file.
07-12-2016 - 22:04 04-12-2013 - 13:56
CVE-2013-0230 10.0
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method.
07-12-2016 - 22:02 31-01-2013 - 16:55
CVE-2013-0156 7.5
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection
07-12-2016 - 22:02 13-01-2013 - 17:55
CVE-2013-3893 9.3
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL t
28-11-2016 - 14:09 18-09-2013 - 06:08
CVE-2013-3184 9.3
Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
20-10-2016 - 12:01 14-08-2013 - 07:10
CVE-2005-2278 7.2
Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name.
17-10-2016 - 23:25 18-07-2005 - 00:00
CVE-2005-0277 5.0
Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via (1) a long username in the USER command or (2) an FTP command that contains a
17-10-2016 - 23:09 02-05-2005 - 00:00
CVE-2004-1638 7.5
Buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long (1) EHLO and possibly (2) HELO command.
17-10-2016 - 22:58 16-10-2004 - 00:00
CVE-2004-0330 10.0
Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command.
17-10-2016 - 22:44 23-11-2004 - 00:00
CVE-2013-3205 9.3
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
03-10-2016 - 13:50 11-09-2013 - 10:03
CVE-2013-5486 10.0
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue7
16-09-2016 - 16:47 23-09-2013 - 06:18
CVE-2015-8279 5.0
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script.
20-01-2016 - 14:53 14-01-2016 - 22:59
CVE-2014-2928 7.1
The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edg
20-11-2015 - 11:24 12-05-2014 - 10:55
CVE-2013-2730 10.0
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2733.
23-10-2015 - 11:42 16-05-2013 - 07:45
CVE-2013-0229 7.8
The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.
08-10-2015 - 10:34 31-01-2013 - 16:55
CVE-2010-0738 5.0
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attack
22-01-2015 - 08:59 28-04-2010 - 18:30
CVE-2013-2460 9.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Servicea
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-4826 5.0
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1647.
11-07-2014 - 11:00 13-10-2013 - 06:20
CVE-2013-3843 6.8
Stack-based buffer overflow in the mk_request_header_process function in mk_request.c in Monkey HTTP Daemon (monkeyd) before 1.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP hea
13-06-2014 - 12:58 13-06-2014 - 10:55
CVE-2013-3928 9.3
Stack-based buffer overflow in the ReadFile function in flt_BMP.dll in Chasys Draw IES before 4.11.02 allows remote attackers to execute arbitrary code via crafted biPlanes and biBitCount fields in a BMP file.
12-03-2014 - 08:51 11-03-2014 - 15:37
CVE-2013-4800 9.3
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735.
17-01-2014 - 00:18 29-07-2013 - 09:59
CVE-2013-2068 9.4
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or
13-01-2014 - 23:24 28-09-2013 - 15:55
CVE-2013-3897 9.3
Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that us
19-12-2013 - 23:36 09-10-2013 - 10:54
CVE-2013-6271 8.8
Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class with the PASSWOR
18-12-2013 - 09:42 14-12-2013 - 15:55
CVE-2013-5576 6.8
administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous
30-11-2013 - 23:31 09-10-2013 - 10:54
CVE-2013-1892 6.0
MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arb
30-11-2013 - 23:27 01-10-2013 - 16:55
CVE-2013-6829 7.5
admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation.
21-11-2013 - 09:45 20-11-2013 - 09:12
CVE-2013-3336 5.0
Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors.
06-11-2013 - 23:39 09-05-2013 - 08:31
CVE-2013-3660 6.9
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does
02-11-2013 - 23:33 24-05-2013 - 16:55
CVE-2013-3346 10.0
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, C
02-11-2013 - 23:32 30-08-2013 - 16:55
CVE-2012-3993 9.3
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallT
02-11-2013 - 23:26 10-10-2012 - 13:55
CVE-2013-1559 4.0
Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect availability via unknown vectors related to Content Server.
10-10-2013 - 23:50 17-04-2013 - 08:19
CVE-2013-4983 10.0
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
09-10-2013 - 10:51 10-09-2013 - 07:28
CVE-2013-3248 9.3
Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pdf or .xps file.
04-10-2013 - 12:37 03-10-2013 - 19:55
CVE-2013-4812 10.0
UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .j
25-09-2013 - 23:52 16-09-2013 - 09:01
CVE-2013-4811 10.0
UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload
25-09-2013 - 23:52 16-09-2013 - 09:01
CVE-2013-5696 6.8
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injecti
23-09-2013 - 18:33 22-09-2013 - 23:49
CVE-2013-2113 6.0
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role
06-08-2013 - 17:47 31-07-2013 - 09:20
CVE-2013-4660 6.8
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.
01-07-2013 - 10:51 28-06-2013 - 10:55
CVE-2013-4615 5.0
The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/pages_MacUS/cgi_lan.cgi followed by a direct reques
24-06-2013 - 18:31 21-06-2013 - 17:55
CVE-2013-4614 2.1
English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows physically proximate attackers to obtain sensitive informati
24-06-2013 - 18:30 21-06-2013 - 17:55
CVE-2013-2333 10.0
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680.
06-06-2013 - 00:00 06-06-2013 - 09:02
CVE-2013-0136 8.5
Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file del
03-06-2013 - 00:00 01-06-2013 - 10:21
CVE-2010-0219 10.0
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by u
09-05-2013 - 23:14 18-10-2010 - 13:00
CVE-2012-0266 9.3
Multiple stack-based buffer overflows in the NTR ActiveX control before 2.0.4.8 allow remote attackers to execute arbitrary code via (1) a long bstrUrl parameter to the StartModule method, (2) a long bstrParams parameter to the Check method, a long b
04-04-2013 - 23:07 14-01-2012 - 22:55
CVE-2009-2692 7.2
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using
22-10-2012 - 23:09 14-08-2009 - 11:16
CVE-2008-4844 9.3
Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2)
10-01-2012 - 00:00 11-12-2008 - 10:30
CVE-2010-3765 9.3
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related
25-07-2011 - 00:00 27-10-2010 - 20:00
CVE-2009-3103 10.0
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (syste
24-06-2011 - 00:00 08-09-2009 - 18:30
CVE-2008-5626 4.0
XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to cause a denial of service via a crafted argument to the NLST command, as demonstrated by a -1 argument.
07-03-2011 - 22:14 17-12-2008 - 12:30
CVE-2008-4696 4.3
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the His
07-03-2011 - 22:12 23-10-2008 - 18:00
CVE-2008-4556 10.0
Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request.
07-03-2011 - 22:12 14-10-2008 - 18:36
CVE-2007-1070 10.0
Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflo
07-03-2011 - 21:51 21-02-2007 - 06:28
CVE-2006-6076 10.0
Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502.
07-03-2011 - 21:45 24-11-2006 - 12:07
CVE-2008-6898 9.3
Buffer overflow in the XHTTP Module 4.1.0.0 in the ActiveX control for SaschArt SasCam Webcam Server 2.6.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Get method and other unspecif
13-07-2010 - 01:39 05-08-2009 - 18:30
CVE-2009-2288 7.5
statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.
03-04-2010 - 01:30 01-07-2009 - 09:00
CVE-2009-2336 5.0
The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor rep
19-08-2009 - 01:28 10-07-2009 - 17:00
CVE-2009-2335 5.0
WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the signific
19-08-2009 - 01:28 10-07-2009 - 17:00
CVE-2009-1943 10.0
Stack-based buffer overflow in the IKE service (ireIke.exe) in SafeNet SoftRemote before 10.8.6 allows remote attackers to execute arbitrary code via a long request to UDP port 62514.
11-06-2009 - 00:00 05-06-2009 - 17:30
CVE-2009-1730 10.0
Multiple directory traversal vulnerabilities in NetMechanica NetDecision TFTP Server 4.2 allow remote attackers to read or modify arbitrary files via directory traversal sequences in the (1) GET or (2) PUT command.
20-05-2009 - 00:00 20-05-2009 - 14:30
CVE-2009-0837 10.0
Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by
21-03-2009 - 01:55 10-03-2009 - 16:30
CVE-2009-0255 5.0
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.
29-01-2009 - 00:00 22-01-2009 - 18:30
CVE-2005-2120 6.5
Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters
10-09-2008 - 15:41 13-10-2005 - 06:02
CVE-1999-0504 7.5
A Windows NT local user or administrator account has a default, null, blank, or missing password.
09-09-2008 - 08:34 01-01-1997 - 00:00
CVE-2005-4734 6.4
Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parameter in the Redirect method.
05-09-2008 - 16:57 31-12-2005 - 00:00
CVE-2004-2221 7.5
Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbitrary code via a long parameter in an HTTP GET request.
05-09-2008 - 16:43 31-12-2004 - 00:00
Back to Top Mark selected
Back to Top