Displaying 38181 - 38200 of 38219

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a denial of service in TVMObili when sending an specifically crafted HTTP request to the service listneing on port 30888.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

This strike exploits a cross-site scripting vulnerability in Cisco Unified Operations Manager Common Services Framework. Certain parameters passed in the URL are not sanitized properly. These values will be used later, and can be used to execute scripting code.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a stack over flow in Destiny Media Player. Due to a lack of proper validation, an overly string can overflow data on the stack when a playlist file is opened.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a SQL injection vulnerability in Symantec IM Manager. The vulnerability is due to a failure to properly validate parameters in HTTP requests to IMAdminLDAPConfig.asp. A remote attacker could exploit this vulnerability by enticing an authenticated user to view a malicious web page, resulting in execution of arbitrary SQL code against the IM Manager database.

CVSS: 6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a Denial-of-ServerDoS bug in the Android kernel where writing to the same file on the SD card multiple times causes the kernel to crash and device to reboot.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This strike exploits a denial of service vulnerability in Symantecs Intel Alert Handler Service. The sizeValueN is used to calculate the next parameter, and if an overly large value is used for this parameter random memory is accessed resulting in a denial of service condition.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability found on the Citrix Provisioning Service. A specially crafted packet sent to the service associated with the streamprocess.exe executable listening on UDP/6905 will generate a buffer overflow and can subsequently lead to remote system takeover.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Novell NetIdentity that is due to a pointer dereference in xtagent.exe when handling RPC messages over the XTIERRPCPIPE pipe.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a flaw in Adobe Reader where a malformed Portable Document Format with embedded Javascript assigns more data to an array than it declares.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. It is possible to bypass the check whether a given object is an array by wrapping an object with the CrossSite class to replace the vtable of the object. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Lotus Notes LZH Attachment Viewer. If the lzh Header Field is less than 0x13, an integer underflow occurs. This value is later used by memcpy, causing a stack buffer overflow. Successful exploitation could result in execution of arbitrary code or abnormal termination of Lotus Notes.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

This strike exploits one of five cross-site scripting vulnerabilities in HP OpenView Network Node Manager via HTTP GET request.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits Movable Type 4.2x, 4.3x upgrade script to gain remote code execution on target server.

Pages