
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a Use-After-Free in call methods on a MovieClip. An attacker can entice a target to open a specially crafted flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the flash process.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits an information disclosure vulnerability in HP Lefthands Appliance Server. The vulnerability is due to a design weakness within the hydra component that processes snapshot requests. The server will respond to form2 requests with important system information, including hashed user passwords, regardless of the source of the request. A remote attacker could exploit this vulnerability...

CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

This strike exploits a vulnerability in SnackAmp Music Player. When opening a file that contains an overly large amount of data, a denial of service condition can occur.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a memory access vulnerability in Quest InTrust. The vulnerability is due to a flawed ActiveX control, which allows a user to specify a function pointer. A remote, unauthenticated attacker could exploit this vulnerability by enticing a user to view a specially crafted web page.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a stack overflow in Citrix Provisioning Service when handling the opcode 0x40020006. If this opcode is received, the vulnerable code tries to copy length 2 into a fixed stack buffer of 0x200. However, if the length is 0, an integer underflow will occur and it will try to copy 0xFFFFFFFF characters onto the stack, which will overflow the buffer.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a buffer overflow in HP StorageWorks File Migration Agent. Certain crafted message data in HP StorageWorks Config messages with opcode 0x22 can overflow a stack buffer. Successful exploitation can result in execution of arbitrary code or abnormal termination of the File Migration Agent application.

CVSS: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

This strike exploits a DoS vulnerability in HP Data Protector Raima Database Server. The vulnerability presents when a specially crafted packet containing a malicious buffer size is sent.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike identifies a vulnerability in the Persits XUpload ActiveX control MakeHttpRequest method. When a string with ../ is processed, files can be written to specified locations.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in VLC Media Player. The SMB server name and share name are copied into a fixed stack buffer without proper validation. When handling HTTP requests where the SMB URI is greater than 250 bytes, the stack buffer will overflow.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits an authentication bypass vulnerability in Adobe ColdFusion. The flaw is due to a lack of authentication validation by the ColdFusion administration web console when creating a scheduled task. A remote unauthenticated attacker could exploit this vulnerability by enticing an authenticated user to view a malicious web page. Exploitation of this vulnerability could allow an attacker...

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a buffer overflow vulnerability in ProFTP client 2.9. The vulnerability is due to failure to sanitize input when viewing an FTP server welcome message. By enticing a user to view a crafted FTP welcome message, an attacker could remotely execute arbitrary code.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a stack buffer overflow vulnerability in Digium Asterisk. The content of the sprop-parameter-sets parameter in an SDP header is copied to a fixed-length buffer without validation. Successful exploitation could result in execution of arbitrary code or abnormal termination of Digium Asterisk, leading to a denial of service condition.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a code execution vulnerability in Microsoft Word. The vulnerability is due to an error parsing certain ActiveX objects embedded within document files. This vulnerability can lead to arbitrary code execution in the context of the current user.
