Last import : Feb 18 09:20

CVSS: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits the insecure way that libraries are searched for by Mozilla Firefox and Mozilla Thunderbird that could result in the loading of a malicious file.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

This strike exploits a vulnerability in Mozilla Firefox. This vulnerability violates the same origin policy which prevents a document or script loaded from one origin from getting or setting properties of a document from another origin. This document can read the property of the window object with a different origin, which leads to the disclosure of the URL information for that window object.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Fujitsu SystemcastWizard Lite. When receiving UDP packets, the PXE component allocates a fixed-size buffer of 0x400 bytes in heap memory. It later copies up to 0x5DC bytes of packet data into that buffer, which overwrites critical data.

CVSS: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)

This strike exploits a vulnerability in the Oracle Document Capture EasyMail ActiveX control. Improper validation within the ImportBodyTextEx, ImportBodyText and ImportBodyTextAlternative methods allows arbitrary file system reads.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits SQL injection vulnerabilities in Sinapsi eSolar Light Photovoltaic System Monitor.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in the Oracle WebCenter Forms Recognition ActiveX control. A lack of path validation in the Save method allows a remote attacker to potentially execute arbitrary code.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a stack buffer overflow vulnerability in Symantec's Alert Management System 2 IAO Service. The vulnerability is due to a boundary error in the IAO service when processing Bind Remove messages passed by msgsys.exe. The service copies message parameters into a stack buffer of 0x400, without validating its size. Data supplied with a larger value will overflow this buffer.

CVSS: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)

This strike exploits a backdoor username and password in Novell's ZENWorks Asset Management. This account is hardcoded into the source and cannot be disabled.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in the Oracle WebCenter Forms Recognition ActiveX control. A lack of path validation in the SaveLayout method allows a remote attacker to potentially execute arbitrary code.

CVSS: 9.4 (AV:N/AC:L/Au:N/C:N/I:C/A:C)

This strike exploits a vulnerability in Oracle's Document Capture where a malformed request to an ActiveX / JavaScript function, WriteJPG, will clobber a stack buffer.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits an arbitrary command execution vulnerability in SAP's NetWeaver via its SOAP interface.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the IBM Lotus Quickr QuickPlace ActiveX control. Lack of boundary checking causes a string copy in either Attachment Times or Import Times properties to write past the end of a buffer.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits the insecure way that libraries are searched for by Mozilla Firefox that could result in the loading of a malicious file when opening an HTML file.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike identifies a vulnerability in Microsoft Excel. It exists within the OBJECTLINK record. If an OBJECTLINK record has a wLinkObj value of 4 and is linked to a single data point, wLinkVar2 is used as an index into the Series specified by wLinkVar1. wLinkVar2 is not properly validated. If the value exceeds 31999 (0x7CFF), the application will read a memory location outside of the wLinkObj...

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Data Analyzer ActiveX control. A use-after-free error while parsing user interface objects allows a remote attacker to execute arbitrary code on the target system.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a memory corruption vulnerability in Safari 5.1.7 and earlier, on both desktop and mobile.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a flaw in Cisco's AnyConnect software where a previous version of the software, which contains known vulnerabilities, may be loaded. An attacker may then use vulnerabilities in that software for an attack. Since the attacker can control the file that is downloaded, any arbitrary file can be delivered.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

This strike exploits an information disclosure vulnerability in Internet Explorer. The vulnerability is due to a lack of permission enforcement on content sourced from outside the current domain. By specially crafting a web page, an attacker could exploit this vulnerability to access content outside any current domain, or Internet Explorer Zone, security settings.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This strike exploits a vulnerability in Microsoft Host Integration Server. Specifically, an input validation error occurs when handling packets with a payload size field of 0. Improper validation occurs when the packet calculates the size and then tries to subtract 2 counting for the size of the field itself. This value is then used as a parameter which returns a value of 0. The infinite loop occurs...

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a command injection vulnerability in Sinapsi eSolar Light Photovoltaic System Monitor.
