
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits multiple denial of service vulnerabilities in Nero MediaHome. By sending requests to the server that contain either an overly large URI or maliciously crafted headers, the attacker can overflow a stack buffer, causing a denial of service condition.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a remote code execution vulnerability in Apple Safari. The flaw occurs when handling a CSS text object.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in HP Power Manager Server. If an HTTP request is sent to the Login URI, the code copies the login variable into a fixed stack buffer of 198 bytes. If more data than this is received, it overwrites critical data.

CVSS: 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)

This strike exploits a command execution vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA).

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike identifies a vulnerability in Microsoft Internet Information Services. If FastCGI is enabled then a buffer of 944 bytes is allocated to store the pointer and size values of HTTP header fields. This code calculates enough space for 59 headers and re-sizes the buffer accordingly. The code does not properly take into consideration pre-defined headers, so those parameters are added to the...

CVSS: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Microsoft Windows contains a kernel memory exhaustion vulnerability. During TCP tear-down, if a client responds to a FIN packet with an ACK packet containing a window size of 0, the server will not complete the session tear-down. Repeated incomplete tear-downs will exhaust kernel memory, leading to a denial of service condition. Note: This exploit requires many incomplete tear-downs to reach the DoS...

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a code execution vulnerability in Microsoft Office Excel. The vulnerability is due to a Use-After-Free error while parsing SST Records in Excel files. This vulnerability can lead to arbitrary code execution in the context of the current user.

CVSS: 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)

This strike exploits a memory corruption vulnerability within Novell GroupWise Messenger. The vulnerability is due to insufficient checking of the type value in the request. A remote attacker may take advantage of this vulnerability to corrupt memory on the target system.

CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

This strike exploits a heap buffer overflow vulnerability in Digium Asterisk. The program fails to check the number of KEYPAD BUTTON MESSAGE messages sent and will write them to a fixed length buffer. Successful exploitation can result in execution of arbitrary code or abnormal termination of the program, resulting in a denial of service condition.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a command execution vulnerability in the Redmine repository controller when passing an arbitrary command to the rev parameter.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a Use-After-Free in Stage Align Setter. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash process.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Chakra JavaScript engine. It is possible to bypass the check for whether a given object is an array by wrapping an object with the CrossSite class to replace the vtable of the object. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Lotus Notes LZH Attachment Viewer. If the lzh Header Field is less than 0x13, an integer underflow occurs. This value is later used by memcpy, causing a stack buffer overflow. Successful exploitation could result in execution of arbitrary code or abnormal termination of Lotus Notes.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

This strike exploits one of five cross-site scripting vulnerabilities in HP OpenView Network Node Manager via an HTTP GET request.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits the upgrade script in Movable Type 4.2x and 4.3x to gain remote code execution on the target server.
