Displaying 38181 - 38200 of 38219

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a remote code execution vulnerability in Microsoft Active Template Library (ATL). The vulnerablity lies within the CComVariant::ReadFromStream function used to parse the ATL header. By enticing a user to view a malicious web page, an attacker could execute arbitrary code within the security context of the victim user.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a lack of authentication and a directory traversal vulnerability in Novell iManager. The getMultiPartParameters function does not check for authentication nor for directory traversal characters. This allows an unauthenticated user to upload a an arbitrary file to any directory on the target Machine.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a remote code execution vulnerability in Microsoft Internet Explorer (IE). The vulnerability occurs when Internet Explorer attempts to access a previously freed object. By enticing a user to view a malicious web page, an attacker can remotely execute arbitrary code.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a memory corruption vulnerability in Microsoft Word. The vulnerability is caused by a memory handling error while parsing CSS styles in HTML-formatted files. A remote attacker could exploit this vulnerability by enticing a user to open a malicious web page, causing arbitrary code to be executed with the privileges of the user.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in HPs Intelligent Management Center where an unauthenticated user may download an arbitrary file.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a denial of service vulnerability in Xion Audio Player when handling maliciously crafted .aiff files.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a integer vulnerability inside Microsoft Internet Explorer. The length field of a dashstyle array is not validated properly, and when this property is passed a negative value an attacker modify data inside the array.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to an out-of-bound memory access in the DeleteRangeTimelineOperation class. An attacker can entice a target to open a specially crafted flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the flash process.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a stack buffer overflow in Sunway ForceControl. Because of improper validation, a 0x53 request to the vulnerable service with a Struct length field of more than 0x40 can overflow the stack.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a denial of service in TVMObili when sending an specifically crafted HTTP request to the service listneing on port 30888.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

This strike exploits a cross-site scripting vulnerability in Cisco Unified Operations Manager Common Services Framework. Certain parameters passed in the URL are not sanitized properly. These values will be used later, and can be used to execute scripting code.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a stack over flow in Destiny Media Player. Due to a lack of proper validation, an overly string can overflow data on the stack when a playlist file is opened.

Pages