Last import : Jun 17 17:00

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the SAP GUI's ActiveX control EAI WebViewer3D. The vulnerable parameter is the filePath string. Because it is not properly validated, an overly long value supplied for the filePath string will overflow a stack buffer of 0x108, overwriting critical memory.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This strike exploits a denial of service flaw in Apache's mod_rpaf module when presented with an invalid X-Forwarded-For header. Note that Apache's thread model and restart capabilities may somewhat mask the observable behavior of this exploit.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

This strike exploits a cross-site scripting vulnerability in Internet Explorer. The vulnerability is due to a lack of input validation of HTML code. Remote attackers can exploit this vulnerability by enticing a user to open a malicious web page using the toStaticHTML method, leading to information disclosure and execution of arbitrary browser script code.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a buffer overflow in Microsoft's Visio that is triggered by importing a malformed Autodesk DXF file.

This strike sends a rogue anti-spyware malware sample detected by McAfee as Artemis!FC3C83FC81D6. The MD5 hash of this sample is fc3c83fc81d62029659d03b8837896c1.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike demonstrates an exploit in Java where an attacker can run arbitrary Java code without sandbox protection.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This strike exploits a denial of service vulnerability in OpenSSL. The vulnerability is due to a NULL pointer dereference that can occur when parsing the version. A remote attacker could cause the vulnerable service to terminate by sending a specially crafted packet.

This strike sends a trojan malware sample detected by McAfee as Downloader.a!c2q, Kaspersky as Trojan.Win32.Agent.tygu, Symantec as WS.Reputation.1, and Bitdefender as Trojan.Generic.KDV.744290. The MD5 hash of this sample is 2aa318b7822d87eee0d91f2ee809e090.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike identifies an integer overflow in HP OpenView Data Protector Cell Manager. This vulnerability is due to the way the Length parameter is processed. If this parameter is greater than 0xFFFFFFF8, the length, which is used in the calculation of a size parameter for a heap buffer, causes an integer overflow. When data is copied to this undersized buffer, critical memory is overwritten.

This strike sends a trojan malware sample detected by Kaspersky as Trojan.Win32.BHO.adua. The MD5 hash of this sample is d7bdb39daeae50470db7de804068a2e7.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a memory corruption vulnerability in Microsoft Internet Explorer (IE). The vulnerability is caused by the way IE handles deflate-compressed data streams. This vulnerability could be exploited to inject and execute malicious code by enticing a user to view a malicious web page.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in Oracle AutoVue Enterprise Visualization software. When a string is passed to the SetMarkupMode method with a size greater than 0x100, that string is copied from heap memory into an allocated stack buffer without validation.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the SAP Crystal Reports ActiveX control printcontrol.dll. The ServerResourceVersion property is not properly validated, and if it exceeds a size of 0x40C, the string overflows a heap buffer.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

This strike exploits a reflected cross-site scripting (XSS) vulnerability in Microsoft System Center Configuration Manager. The vulnerability is caused by a lack of input validation when handling HTTP requests. This vulnerability can be exploited by an attacker to execute malicious code in the context of the victim user's browser.

This strike sends a trojan malware sample detected by McAfee as Generic Downloader.oy, Kaspersky as Trojan-Dropper.Win32.NSIS.tz, Symantec as Trojan.ADH.2, Microsoft as Trojan:Win32/Comame, and Bitdefender as Trojan.Nsis.Agent.Z. The MD5 hash of this sample is dbe8327ac05e989ab7a85cbfdd78d34e.

This strike sends a trojan malware sample detected by McAfee as PWS-Zbot.gen.amx, Kaspersky as Trojan-Spy.Win32.Zbot.fdka, Symantec as Trojan.Gen, Microsoft as VirTool:Win32/CeeInject.gen!HL, and Bitdefender as Trojan.Generic.KD.741442. The MD5 hash of this sample is b37e286a34de2b3a795f92dade7277f7.

This strike sends a trojan malware sample detected by McAfee as Generic Downloader.oy, Kaspersky as Trojan-Dropper.Win32.NSIS.tz, Symantec as Trojan.ADH.2, Microsoft as Trojan:Win32/Comame, and Bitdefender as Trojan.Nsis.Agent.Z. The MD5 hash of this sample is dbe8327ac05e989ab7a85cbfdd78d34e.

CVSS: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)

On some SCTP implementations in a Linux kernel, a user may provide a number of malformed SCTP messages which the kernel tries to report. This reporting allocates a buffer which can be clobbered.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a stack buffer overflow vulnerability in HP OpenView Network Node Manager (NNM). The vulnerability is caused by a lack of input validation when handling HTTP requests. This vulnerability can be exploited by an unauthenticated attacker to inject and execute arbitrary code on the target system.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

This strike identifies a vulnerability in Novell's GroupWise Internet Agent. When receiving a vCalendar request, the Date-Time data type is not properly validated. The code checks the first 9 bytes of the string without checking its length, and then checks that the 9th byte is a T. Next it checks the following 6 bytes to finish the format. If the code entered is less than 9 bytes, a read access...
