Displaying 21 - 40 of 37686
Last import : Mar 10 18:50

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This strike exploits a denial-of-server vulnerability in MySql Database Server. The vulnerability is due to insufficient validation of user supplied input in a geometry query. An authenticated user can exploit this vulnerability by sending a specially crafted geometry query.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a stack buffer overflow in HP Lefthand's Appliance Server. In this strike the default credentials are used to issue a Diag request to the hydra service. Because of improper validation if the diag value in getListSafeTest and getListSupportTest requests. A maximum heap buffer of 0x1000 bytes is allocated in which the value is strcpy to. If a null character is found at the end...

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a lack of authentication and a directory traversal vulnerability in Novell iManager. The getMultiPartParameters function does not check for authentication nor for directory traversal characters. This allows an unauthenticated user to upload a an arbitrary file to any directory on the target machine.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a stack buffer overflow in HP Lefthand's Appliance Server. In this strike the default credentials are used to issue an snmp request to the hydra service. Because of improper validation if the community string contains testTrap followed by data with a size greater than 0x410 bytes, a stack buffer will overflow.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a flaw in HP's Intelligent Management Center where a user can upload a zip file which in turn clobbers arbitrary files.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a use after free vulnerability in Microsoft Internet Explorer. When a sub or sup element calls the Justify* commands multiple times, a use-after-free can occur.

CVSS: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

This strike exploits a flaw in the Squid Proxy Server where a malformed language name will put the server into an infinite loop.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This strike exploits an integer overflow vulnerability in MySql Database Server. The vulnerability is due to insufficient validation of user supplied input while parsing a geometry query. An authenticated user can exploit this vulnerability by sending a specially crafted geometry query.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a flaw in Nagios XI's Alert Cloud which is vulnerable to a cross site scripting attack.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

This strike exploits a vulnerability in Microsoft's Internet Explorer where some contents of memory can be leaked and that leakage can lead to an attacker finding a way around memory protection.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a buffer overflow in Viscom's Movie Player Pro ActiveX control MOVIEPLAYER.MoviePlayerCtrl.1. The strFontName parameter is not properly validated, and if an overly long string is received it will overflow the buffer.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Novell Zenworks Handheld Management. If the connection packet contains an opcode of 0x01 or 0x02, the following packet can be crafted to overflow a heap buffer. Successful exploitation may result in execution of arbitrary code or abnormal termination causing a denial of service condition.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a buffer overflow vulnerability in WellinTech KingView KingMess. A specially crafted KVL file will cause a stack buffer overflow. Successful exploitation may result in execution of arbitrary code with user privileges or abnormal termination of the KingMess program.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This strike exploits a resource exhaustion vulnerability in Digium Asterisk. When receiving an HTTP POST request to certain URLs, Asterisk HTTP management interface allocates a heap buffer of Content-Length + 1. An attacker could send specially crafted messages with large Content-Length values to exhaust heap memory. Successful exploitation could lead to a denial of service condition.

CVSS: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

This strike exploits a denial of service vulnerability in Squid Proxy Server. A specially crafted Vary header can be used to cause Squid Proxy Server to terminate abnormally, terminating any current sessions. It will be restarted by Squid Monitor. Repeated attacks will cause Squid Monitor to exit without restarting Squid Proxy Server, causing a denial of service condition.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

This strike exploits a remote code execution vulnerability in Oracle Java. The vulnerability can be exploited due to insecure use of certain JMX classes. Successful exploitation of these vulnerabilities could result in the execution of arbitrary Java code on the target system.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a flaw in Mozilla products when a large number of fonts referenced will overflow an array.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in SAP NetWeaver's Message Server. Specifically, when a request to the server is processed that has the iflag field set to 05 and the optcode 15, the buffer_size field is calculated with a max of 78 bytes. Because it is not validated, data with a size greater than 78 bytes will overflow this buffer.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a use after free vulnerability in Microsoft Internet Explorer. A use after free condition occurs if an HTML element, which has a style attribute defined in an HTC file that in turn runs a garbage collection when some attribute of the element is set, is defined and then removed from the DOM using the removeChild function.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a flaw in VMware's OVF Tool where a malformed string can lead to memory corruption.

Pages