CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a SQL injection vulnerability in Symantec IM Manager. The vulnerability is due to a failure to properly validate parameters in HTTP requests to IMAdminLDAPConfig.asp. A remote attacker could exploit this vulnerability by enticing an authenticated user to view a malicious web page, resulting in execution of arbitrary SQL code against the IM Manager database.

CVSS: 6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a denial-of-service (DoS) bug in the Android kernel where writing to the same file on the SD card multiple times causes the kernel to crash and the device to reboot.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This strike exploits a denial of service vulnerability in Symantec's Intel Alert Handler Service. The sizeValueN is used to calculate the next parameter, and if an overly large value is used for this parameter, random memory is accessed, resulting in a denial of service condition.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability found on the Citrix Provisioning Service. A specially crafted packet sent to the service associated with the streamprocess.exe executable listening on UDP/6905 will generate a buffer overflow and can subsequently lead to remote system takeover.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Novell NetIdentity that is due to a pointer dereference in xtagent.exe when handling RPC messages over the XTIERRPCPIPE pipe.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a flaw in Adobe Reader where a malformed Portable Document Format file with embedded JavaScript assigns more data to an array than it declares.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Chakra JavaScript engine. It is possible to bypass the check of whether a given object is an array by wrapping an object with the CrossSite class to replace the vtable of the object. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Lotus Notes LZH Attachment Viewer. If the lzh Header Field is less than 0x13, an integer underflow occurs. This value is later used by memcpy, causing a stack buffer overflow. Successful exploitation could result in execution of arbitrary code or abnormal termination of Lotus Notes.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

This strike exploits one of five cross-site scripting vulnerabilities in HP OpenView Network Node Manager via an HTTP GET request.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits the Movable Type 4.2x and 4.3x upgrade script to gain remote code execution on the target server.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a use-after-free vulnerability in the Microsoft Internet Explorer and Edge browsers. Specifically, if a font element's lang attribute is set to a string, and then its node value is set to null, the string is freed. A later call that references this lang attribute will result in a use-after-free condition. An attacker can use this attack to disclose memory information that can...

CVSS: 5.7 (AV:N/AC:M/Au:N/C:N/I:P/A:P)

This strike exploits a file deletion vulnerability within the Novell iPrint Client's ActiveX control. If the CleanupUploadFiles method is called, it deletes the files in the ziPFilePath parameter without any validation of the parameter. In this attack the folder named removeme will be deleted from C:\.
