Displaying 38041 - 38060 of 38219

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a buffer overflow in HPs Operations Agent where a malformed HEALTH packet can overflow a stack buffer.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a stack buffer overflow vulnerability in ICONICS Genesis32 WebHMI. The flaw is due to a lack of input validation by the SetActiveXGUID method. A remote, unauthenticated attacker could exploit this vulnerability by enticing a target user to view a specially crafted web page.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike identifies a buffer overflow vulnerability in ProShow Gold ver 4.0.2549. A buffer gets clobbered allowing for remote code execution.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a Use-After-Free in MovieClip.attachBitmap. An attacker can entice a target to open a specially crafted flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the flash process.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a use after free vulnerability in Microsoft Internet Explorer. If an element is removed such as in this case with removeNode and then later used in the event handler for DOMNodeRemoved, a use-after-free condition will occur when trying to call this object because it has been deleted.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits an arbitrary code execution vulnerability in PineApp Mail-SeCure. A specially crafted HTTP request can be sent to confpremenu.php to execute arbitrary commands with privileges of the qmailq user.

CVSS: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)

This strike exploits a root file system access vulnerability in Samba Server. If the registry share definition enabled, the code fails to validate that the share name entered is empty in the TREE CONNECT command, and maps it to the root node of the local filesystem. This does not allow for write permissions, however read access is granted.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

This strike exploits an invalid memory access vulnerability in Oracle Java Web Start. When the method processes the unicode parameters, it takes each the 16-bit character and uses it as an index in the Base64 lookup table. It does not perform bounds-checking properly on the index against the lookup table size which allows for an out-of-bounds read access causing the javaws.exe process to crash....

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in RealNetworks Helix Server Products. When handling Base64encoded NTLM Authentication strings of an invalid size, the vulnerable code returns -1 because of a decoding error. This value is then used as a counter to copy data to a heap buffer without validating the error resulting in memory corruption.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a Memory Corruption vulnerability in Mozilla Firefox. The vulnerability is due to error while handling first-letter pseudo elements. An attacker could exploit this vulnerabilty by enticing a user to view a malicious web page, executing arbitrary code on the victim machine.

CVSS: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

This strike exploits a null pointer dereference vulnerability in Digium Asterisk. A pointer is set to null when a session is closed. If the session is closed during an off-hook state, that pointer is later dereferenced. Successful exploitation would result in abnormal termination of the server, resulting in a denial of service condition.