Displaying 38141 - 38160 of 38219

CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

This strike exploits a cross site scripting vulnerability in Microsoft Internet Explorer. When parsing HTML code with certain control characters from the EUC-JP library, the character will be handled improperly if it is at certain locations in the code, causing the following character to be removed, changing how the HTML will be parsed by the browser. Scripts can be hidden in the HTML in a manner...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in HPs Intelligent Management Center where an unauthenticated user may download an arbitrary file.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in the Serva HTTP Server. By sending a malformed GET HTTP request to the remote Machine, a denial of service condition occurs.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a double free memory corruption vulnerability in Microsoft Windows Internet Explorer. The vulnerability lies in the handling of svg element properties. By enticing a user to view a malicious web page, an attacker could execute arbitrary code on the victim machine in the context of the user.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits an arbitrary code execution vulnerability in Novel ZENworks Mobile Management. A crafted HEAD message to download.php can be sent to store arbitrary PHP code in a temporary file. A crafted POST message to DUSAP.php can then be sent to execute the code in the file.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a buffer overflow vulnerability in Simple Open Music Player when handling crafted m3u files with an overly large amount of data.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits multiple denial of service vulnerabilities in Nero MediaHome. By sending requests to the server that contain either an overly large URI or maliciously crafted headers, the attacker can cause a stack buffer to overflow causing a denial of service condition to occur.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a remote code execution vulnerability in Apple Safari. The flaw occurs when handling CSS text object.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in HP Power Manager Server. If an HTP request is sent to the Login URI the code copies the login variable into a fixed stack buffer of 198 bytes. If a larger amount than this is received it will overwrite critical data.

CVSS: 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)

This strike exploits a command execution vulnerability in Trend Micro InterScan Web Security Virtual Appliance IWSVA.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike identifies a vulnerability in Microsoft Internet Information Services. If FastCGI is enabled then a buffer of 944 bytes is allocated to store the pointer and size values of HTTP header fields. This code calculates enough space for 59 headers and re-sizes the buffer accordingly. The code does not properly take into consideration pre-defined headers, so those parameters are added to the...

CVSS: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Microsoft Windows contains a kernel memory exhaustion vulnerability. During TCP tear-down, if a client responds to a FIN packet with an ACK packet containing a window size of 0, the server will not complete the session tear-down. Repeated incomplete tear-downs will exhaust kernel memory, leading to a denial of service condition. Note: This exploit requires many incomplete tear-downs to reach the DoS...

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a code execution vulnerability in Microsoft Office Excel. The vulnerability is due to a Use-After-Free error while parsing SST Records in Excel files. This vulnerability can lead to arbitrary code execution in the context of the current user.

CVSS: 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)

This strike exploits a memory corruption vulnerability within Novell GroupWise Messenger. The vulnerability is due to insufficient checking of the type value in the request. A remote attacker may take advantage of this vulnerability to execute the memory corruption attack on the target system.

Pages