Last import : Jun 21 13:40

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in the Oracle WebCenter Forms Recognition ActiveX control. A lack of path validation in the SaveLayout() method potentially allows a remote attacker to execute arbitrary code.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Data Analyzer ActiveX control. A use-after-free error while parsing user interface objects allows a remote attacker to execute arbitrary code on the target system.

CVSS: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)

This strike exploits a vulnerability in the Oracle Document Capture EasyMail ActiveX control. Improper validation within ImportBodyTextEx(), ImportBodyText() and ImportBodyTextAlternative() methods allows for arbitrary file system read.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a memory corruption vulnerability in Safari 5.1.7 and earlier (both desktop and mobile).

CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

This strike exploits an information disclosure vulnerability in Internet Explorer. The vulnerability is due to a lack of permission enforcement on content sourced from outside the current domain. By specially crafting a web page, an attacker could exploit this vulnerability to access content outside any current domain, or Internet Explorer Zone, security settings.

CVSS: 9.4 (AV:N/AC:L/Au:N/C:N/I:C/A:C)

This strike exploits a vulnerability in Oracle's Document Capture where a malformed request to an ActiveX / JavaScript function, WriteJPG, will clobber a stack buffer.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This strike exploits a vulnerability in Microsoft Host Integration Server. Specifically, an input validation error occurs when handling packets with a payload size field of 0. Improper validation occurs when the size is calculated and 2 is then subtracted to account for the size of the field itself. This value is then used as a parameter which returns a value of 0. The infinite loop occurs...

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a stack buffer overflow vulnerability in Symantec's Alert Management System 2 IAO Service. The vulnerability is due to a boundary error in the IAO service when processing "Bind Remove" messages passed by msgsys.exe. The service copies message parameters into a stack buffer of 0x400 without validating their size. Data supplied with a larger value will overflow this...

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits an arbitrary command execution vulnerability in SAP's NetWeaver via its SOAP interface.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a flaw in Adobe Reader where a malformed Portable Document Format (PDF) file with geospatial data can clobber a stack buffer.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Fujitsu SystemcastWizard Lite. When receiving UDP packets, the PXE component allocates a fixed-size buffer of 0x400 bytes in heap memory. Later it copies packet data of up to 0x5DC bytes into that buffer, which overwrites critical data.

CVSS: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)

This strike exploits a backdoor username and password in Novell's ZENworks Asset Management. This account is hardcoded into the source and cannot be disabled.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits the insecure way Mozilla Firefox searches for libraries, which could result in the loading of a malicious file when opening an HTML file.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Microsoft Office WordPad and Text Converter which can be viewed in Microsoft Office 2003. The overflow happens because the NumEntries field of the document's dictionary property is not properly validated; this field is used to calculate a heap buffer size by multiplying it by 12. A crafted NumEntries value larger than 0x155555 would overflow the 4-byte...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits SQL injection vulnerabilities in Sinapsi eSolar Light Photovoltaic System Monitor.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the IBM Lotus Quickr QuickPlace ActiveX control. Lack of boundary checking causes a string copy in either Attachment_Times or Import_Times properties to write past the end of a buffer.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

This strike exploits a vulnerability in Mozilla Firefox. This vulnerability violates the same-origin policy, which prevents a document or script loaded from one origin from getting or setting properties of a document from another origin. A document can read a property of a window object with a different origin, which leads to the disclosure of the URL information for that window object.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike identifies a vulnerability in Microsoft Excel. It exists within the OBJECTLINK record. If an OBJECTLINK record has a wLinkObj value of 4 and is linked to a single data point, wLinkVar2 is used as an index into the Series specified by wLinkVar1. wLinkVar2 is not properly validated. If the value exceeds 31999 (0x7CFF), the application will read a memory location outside of the wLinkObj...

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a stack memory corruption vulnerability in Microsoft Office PowerPoint. The vulnerability is due to improper validation of user-supplied data when examining certain attributes in OEPlaceHolder atoms in PowerPoint files. This vulnerability can lead to arbitrary code execution in the context of the current user.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a command injection vulnerability in Sinapsi eSolar Light Photovoltaic System Monitor.
